
Penetration Tester

Fast

Aug 17

Build the world's fastest Identity and Checkout products

Company Mission

Our mission is to make buying online faster, safer and easier for everyone. Fast Login and Fast Checkout enable a one-click sign-in and purchasing experience that makes it easier for people to buy and merchants to sell. The company’s products work on any browser, device or platform to deliver a consistent, stress-free purchasing experience. Fast is entirely consumer-focused and invests heavily in its users’ privacy and data security. Headquartered in San Francisco but open to a globally remote workforce, we are a founders-led, privately held company funded by Stripe, Index Ventures, Susa Ventures and other world-class investors.

We are committed to diversity and inclusion, and demonstrate our values through equitable pay, fantastic benefits, and access to all reasonable accommodations. 


Summary

We are looking to expand our team by adding an accomplished Penetration Tester to design and build our Offensive Security Program. If you have deep experience setting up a mature penetration testing program, we want to talk to you!

Role

    • Typical tasks include conducting and/or supporting authorized penetration testing on enterprise network and application assets, analyzing site/enterprise configurations
    • Testing will be conducted on various systems on an as-needed basis across the enterprise and its offices
    • Candidate will need to be able to perform assessments on various systems, including obtaining evidence and writing final assessment reports
    • Working closely with Security Engineering and Product Engineering teams in red team - blue team exercises
    • Maintain a risk-rated vulnerability assessment and work with other teams to remediate the highest-risk vulnerabilities

Requirements - (We know that our wishlist is lengthy and encourage you to apply; the ideal candidate may not have everything, but will possess the desire to learn and passion for the company)

    • Penetration testing principles, tools, and techniques (e.g., Metasploit, Kali, etc.), and the ability to identify systemic security issues based on the analysis of vulnerability and configuration data
    • Understanding of how traffic flows across the network (e.g., Transmission Control Protocol (TCP) and Internet Protocol (IP), Open System Interconnection Model (OSI), Information Technology Infrastructure Library, v3 (ITIL))
    • System and application security threats and vulnerabilities
    • Network protocols such as TCP/IP, Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and directory services
    • System and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay attack, return-oriented attacks, and malicious code)
    • General attack stages (e.g., footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks, etc.)
    • Network access, identity and access management (e.g., Public Key Infrastructure (PKI))
    • Network security architecture concepts including topology, protocols, components, and principles (e.g., application of Defense-in-Depth)
    • Information Assurance (IA) principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
    • Assessing the robustness of security systems and designs
    • Use of social engineering techniques
    • Using network analysis tools to identify vulnerabilities
    • Ability to identify systemic security issues based on the analysis of vulnerability and configuration data
    • Knowledge of NodeJS, TypeScript, Golang, NoSQL and SQL programming languages
    • CEH or OSCP certification
    • Experience pentesting containers (Docker) and container orchestration (Kubernetes)
    • Experience pentesting AWS, GCP, Azure public cloud infrastructure
    • Good usage of case management tools and documentation processes
    • Great customer service and enthusiastic attitude
    • Fantastic communication

Bonus

    • Experience in startup companies
    • Any development experience

Benefits and Perks- Because People Matter

Comprehensive insurance (paid 99% by the company) with no deductible, and 10 dollar copays
Globally remote with flexible work schedules to fit your needs
Generous paid parental/family leave for all caregivers, up to 12 weeks
401k with match up to 4%
Equity grant
People-focused PTO that you determine: time off is there when you want it, when you need it
Frequent inclusive events scheduled to allow everyone to express their voice (or dance skills)
Monthly exercise and internet stipends, and snacks