Penetration Tester

Join Pitney Bowes as a Senior Penetration Tester – Red Team

Years of experience: 10+ years 

Job Location – Pune 

Impact 

Pitney Bowes Information Security is looking for a highly motivated, experienced, and skilled specialist to join the Red team. The security testing team protects Pitney Bowes’s data, and brand by identifying vulnerabilities and threats to our organization through the use of pen testing, red teaming and simulated cyber security attacks.  

This is a key member of the Security Testing team, and will lead efforts in planning, developing, and executing pen tests and adversarial exercises against our networks, systems, applications, and users. The Senior Tester will work with internal and external groups to lead communications around risks identified throughout Pitney Bowes’s environment. This role will make a difference by working with Pitney Bowes’s defenders (Purple Teaming) to secure our organization against current and emerging threats. 
The ideal candidate will have advanced experience performing penetration tests against systems, applications, and networks, and working with stakeholders to communicate the impact of identified vulnerabilities and recommending remediation plans. 

The Job 

• This is a key member of the Advanced Security Testing team, and will lead efforts in planning, developing, and executing adversarial exercises against our networks, systems, applications, and users 

• The Senior Tester will work with internal and external groups to lead communications around risks identified throughout Pitney Bowes environment. 

• This role will make a difference by working with Pitney Bowes defenders (purple teaming) to secure our organization against current and emerging threats 

• Provide leadership on the latest critical information security vulnerabilities, threats, and exploits, as they apply within the Pitney Bowes environment. 

• Develop and implement red team methodology to assess risk within Pitney Bowes networks, systems, applications, and users 

• Perform advanced technical penetration testing exercises (announced and covert) to identify weaknesses in Pitney Bowes environment and monitoring/response programs 

• Assist in the management and development of command and control (C2) infrastructure 

• Develop and deliver high-quality reporting to communicate technical findings to stakeholders, including developers, architects, and managers 

• Provide leadership on exploits, techniques, and countermeasures to members of the Information Security team, including Pitney Bowes SOC and junior team staff members 

• Identify enhancements to tools, standards, and processes; provide input into policies and procedures, and contribute to the implementation and refinement of the strategy for the Information Security program 

• Perform web and IOT application security assessments, as needed including tasks such as: 

• Performing security assessments for Pitney Bowes applications across the enterprise 

• Static & dynamic application security testing and/or penetration testing of applications 

• Auditing results of security assessments with development and/or security teams and offering plans for remediation of vulnerabilities  

Qualifications & Skills required 

• Bachelor’s degree and 10 years’ experience with direct enterprise-level red team and/or penetration testing experience 

• Hands-on experience with manual vulnerability testing, exploit development, and static code analysis, using commercial and open-source tools 

• Hands-on experience with command and control (C2) best practices, infrastructure, beacon deployment and management.  

• The ideal candidate should have experience with security protocols and/or technologies such as REST APIs, Burp Suite /ZAP, Kali Linux, Nmap, Metasploit, Powersploit, Lolbins etc. 

• Candidate must understand security controls such as authentication, authorization, access control, cryptography, and network protocols along with security standards and frameworks including Mitre ATT&CK 

• The candidate should be able to automate tasks in Python, bash, Java, Terraform etc.  

• Have a strong understanding of attacks in AWS, OAuth etc. 

• Have experience using secure development frameworks (i.e. OWASP Top 10, SANS Top 25 and Microsoft SDL). 

• Nice to have - You are proficient in bypassing and tuning security technologies (i.e. Anti-Malware, IDS, DLP, FIM, Firewalls, SIEM, MFA, Web Proxies and WAF). 

• Adept at communicating concepts to diverse audiences with varying skill sets 

• Relevant certifications such as OSCP, OSWP, GPEN are strongly preferred 

• Strong Knowledge of the following: 

• Operating systems (including Windows, Linux, Unix, and MacOS) 

• Networking fundamentals and technologies like Zero Trust a big plus 

• Cloud security a big plus 

• Application architectures and technologies 

• Penetration testing techniques and tactics, including reconnaissance, initial access, persistence, lateral movement, collection, and exfiltration. 

About Pitney Bowes 

Pitney Bowes (NYSE:PBI) is a global technology company providing commerce solutions that power billions of transactions. Clients around the world, including 90 percent of the Fortune 500, rely on the accuracy and precision delivered by Pitney Bowes solutions, analytics, and APIs in the areas of ecommerce fulfillment, shipping and returns; cross-border ecommerce; office mailing and shipping; presort services; and financing. For 100 years Pitney Bowes has been innovating and delivering technologies that remove the complexity of getting commerce transactions precisely right. For additional information visit Pitney Bowes at https://www.pitneybowes.com/in. 

Only Talent Matters at Pitney Bowes 

Pitney Bowes is an equal opportunity workplace. To remove unconscious biases from our hiring process, we encourage ‘Blind Applications’ from candidates applying for jobs at Pitney Bowes. This means that details such as gender, caste, religion, nationality, and age are omitted from applications. And candidates can choose to reveal only their first or last name on the application.  

Watch the video here: https://www.youtube.com/watch?v=dNB-K5KFU78  

Watch the videos below for more information about Life at Pitney Bowes: 

• Who we are 

• Pitney Bowes All Stars 

• Pitney Bowes named a Great Place to Work® 

• Pitney Bowes Gratitude Video 

• Pitney Bowes COVID Care