Robinhood over 1 year ago

About the team:

Robinhood is looking for a Senior Penetration Tester who is passionate about breaking and fixing applications, services and processes to join the Robinhood Pentest Team.

The pentest team is part of the larger Offensive Security team and is a core pillar of Security & Privacy Engineering. The pentest team will work with teams across Robinhood to ensure our products, services, and processes are secure through threat modeling, automated & manual penetration testing, and tracking remediations of identified vulnerabilities.

Here are some examples of things our team does frequently that you’ll be heavily involved with:

- Perform threat modeling against critical and new services. Articulate the actual security risk to Risk working groups.
- Validation of critical/high vulnerabilities surfaced via vulnerability automation tooling.
- Perform application assessments, internal and external penetration testing focusing not just on network and application level vulnerabilities but fully understanding what risk to Robinhood the vulnerabilities pose, especially as they relate to business logic and fraud opportunities.
- Triage Bug Bounty reports and interact with Bug Bounty Researchers.
- Conduct vulnerability research to understand latest TTPs and exploits.
- Conduct vulnerability research into future technologies Robinhood may deploy.
- Fixing issues and leaving things better than they found them and not just finding broken things.

What you’ll do day-to-day:

- Perform application security penetration tests to include source code reviews (Golang/Python). This will be your primary role.
- Triage Bug Bounty reports as part of the Bug Bounty on call rotation.
- Perform threat modeling against critical and new services. Articulate the actual security risk to risk working groups.
- Use, configure, and write automation to identify and validate vulnerabilities surfaced via vulnerability automation tooling.
- Perform internal and external penetration testing, code reviews, and design/architecture reviews, focusing not just on network and application level vulnerabilities but fully understanding and articulating what risk to Robinhood the vulnerabilities pose, especially as they relate to business logic and fraud.
- Work closely with development teams to mitigate or remediate security vulnerabilities, preferably by submitting Pull Requests (PRs) with the code to remediate the identified vulnerabilities.
- Build or suggest detection and monitoring for attacks on the application or infrastructure.
- Conduct vulnerability research to understand latest TTPs and exploits.
- Conduct vulnerability research into future technologies Robinhood may deploy.
- Publish blog posts and present talks at security conferences.
- Be a technical advocate for privacy and security decisions, designs, and discussions.
- Make recommendations for organization-wide system improvements, optimization and/or maintenance efforts and engage with stakeholders to remediate vulnerabilities and risks when required.

About you:

- 3-5+ years of experience as a Penetration Tester, Security Researcher, or Security Engineer
- Can perform source code review of Golang and Python
- Strong foundation in computer and network security, authentication, security protocols and applied cryptography
- Experience in web app security, vulnerability research, and penetration testing
- Knowledge of network-based and system-level attacks and mitigation methods
- Familiarity with at least some of the following: Python, Go, bash
- Familiarity with log formats and intrusion detection systems for Linux based systems
- Familiarity with common network protocols and standards such as DNS and TCP/IP
- Experience with attacking cloud based environments, software development technologies, devops tooling, and web applications
- Familiarity and experience with AWS, GCP and other cloud providers and best practices for securing cloud infrastructure
- Experience with containers and container orchestration systems such as Docker and Kubernetes
- Ability to research and execute a testing plan to assess a new technology or process
- Excellent written and verbal communication skills and ability to communicate your findings at both high and technical levels
- Demonstrated experience performing penetration testing on a remote team
- Proficiency to communicate over a text-based medium (Slack, JIRA Issues, GitHub issues, & Email) and can succinctly document technical details

Bonus points:

- Experience in the Financial Technology domain
- Passion and demonstrated experience for challenging security assumptions
- Passion for fixing security issues and not just identifying security issues

CO Residents: In Colorado, the base pay for this position ranges from $169000 to $224000. This role is also eligible for an annual discretionary bonus and participation in Robinhood’s equity plan.

#Salary and compensation

No salary data was published by the company, so we estimated the salary based on similar jobs related to Design, Senior, Marketing, Sales, Digital Nomad, Amazon, Consulting, DevOps, Cloud, Jira, Docker, Testing, Golang and Linux:

$62,500 — $120,000/year

#Location

San Francisco, California, United States