Offensive Specialist, Senior Security Engineer
Our Opportunity:
We're looking for a Senior Security Engineer in our Dania Beach, FL location to join our Research, Architecture, Design, Command (RADCOM) Team. This team helps Chewy through vulnerability discovery, disclosure and mitigation in our products, services, infrastructure, and ecosystem. This person will be responsible for performing attack simulations, adversarial threat modeling, penetration tests, and security reviews for Chewy products and services. You will be responsible for discovering vulnerabilities at Chewy, its products and services and conduct threat modeling exercises on people, processes, and technologies that build up our products and services. You will also design red team exercises in collaboration with other security teams to help improve our security incident response and overall security program.
As a member of our RADCOM Team, you’ll be responsible for ensuring that Chewy’s products, services, and processes are continuously tested and resilient against an attack from threat actors. You’ll be working with the team to focus on the systems, services, and processes that protect Chewy’s most valuable resources, and communicate with internal and external stakeholders as needed.
What You’ll Do:
- Provide an adversarial perspective that productively challenges assumptions and decisions to improve security
- Collaboratively define threat models, scope, and prioritize offensive security engagements
- Integrate offensive security into security development lifecycle
- Research emerging attack vectors and techniques, including targeting user endpoints, cloud platforms & systems, development infrastructure, system integrations, and everything in between
- Design and plan offensive exercises based on research into threat actors most relevant to Chewy’s business operations
- Build, modify, and implement tooling and automation to improve the offensive capabilities of the team to meet our evolving objectives and mitigate security threats
- Perform ongoing, proactive analysis of Chewy’s internal and external attack surface
- Participate in blue / purple-team exercises to improve efficacy of internal security programs
- Develop training programs on security-related topics such as threat modeling, user awareness, attack techniques, and mitigation strategies
- Document and effectively contextualize issues with respect to business impact
- Devise pragmatic methods of mitigating security risks
- Coordinate, collaborate, and communicate within the RADCOM Team and with stakeholders in Security, Engineering, and other departments
What You’ll Need:
- Bachelor’s degree in computer science or engineering related field or equivalent work experience
- Minimum of 7 years in a senior IT role
- Minimum of 4 years in a vulnerability analyst, penetration tester or risk analyst role
- Web application security expertise
- Familiarity with static code analysis concepts and tools
- Familiarity with dynamic application testing concepts and tools
- Working knowledge of one or more of the following programming languages
- Java
- Python
- Kotlin
- Swift
- Go
- Hold industry recognized certifications such as: GPEN, GWAPT, GCIA, GCIH, OSCP, GXPN etc.
- Working level knowledge of AWS foundations and well architected framework
- Experience with log analysis tools such as Splunk, Elastic with Kibana etc.
- Experience with shell scripting or automation of simple tasks using BASH, PowerShell, Python, Ruby, Go etc.
- Experience developing, extending, or modifying exploits, shellcode or exploit tools
- Strong knowledge of tools used for web application and network security testing, such as Kali Linux, Metasploit, Burp suite, Core Impact, Cobalt Strike, Nessus, Web Inspect, and Scuba etc.
- Position may require travel
Bonus:
- Experience with agile scrum and/or kanban methodologies
- Experience in ecommerce
- Self motivated with excellent problem solving skills and able to perform job functions with little direct supervision
Chewy is committed to equal opportunity. We value and embrace diversity and inclusion of all Team Members.
If you have a disability under the Americans with Disabilities Act or similar law, or you require a religious accommodation, and you wish to discuss potential accommodations related to applying for employment at Chewy, please contact HR at chewy dot com
To access Chewy’s Privacy Policy, which contains information regarding information collected from job applicants and how we use it, please click here: https://www.chewy.com/app/content/privacy).