Penetration Testing Staff Engineer - 5+ yrs

Department: Product Security / PSIRT

Overview

As a Staff Penetration Tester within the SonicWall PSIRT, you will assess the security of SonicWall’s web applications, firmware, and network security products. This hands-on technical role involves performing end-to-end vulnerability assessments, penetration testing and coordinated vulnerability research across SonicWall’s full product ecosystem.

Key Responsibilities:

Penetration Testing & Vulnerability Assessment

• Perform manual and automated penetration testing across web applications, firmware, and network appliances.
• Identify, exploit, and document vulnerabilities across diverse layers — from web interfaces to embedded firmware and network protocols.
• Conduct vulnerability scanning of SonicWall products, VMs, servers, and backend systems
• Execute firmware and binary analysis using tools such as IDA Pro, Ghidra, and binwalk to uncover low-level security flaws.
• Perform web and API pen testing targeting OWASP Top 10 and emerging web vulnerabilities (e.g., SSRF, deserialization, logic flaws).
• Assess firmware update mechanisms, cryptographic implementations, and secure boot processes for tampering or privilege escalation risks.
• Prepare detailed vulnerability reports including exploit paths, root cause analysis, and recommended remediations.
• You will collaborate closely with engineering, QA, and development teams to identify, validate, and mitigate vulnerabilities — ensuring SonicWall products meet the highest standards of security and resilience.
• Support PSIRT investigations, including triage of internally discovered and externally reported vulnerabilities.
• Contribute to tooling, automation, and scripts that enhance penetration testing efficiency and coverage.
• Conduct independent research on novel web, network, and firmware vulnerabilities.
• Develop internal methodologies and knowledge base for consistent test execution across product domains.
  

Required Qualifications

• Bachelor’s degree in Computer Science, Cybersecurity, Computer or Electrical Engineering, or equivalent experience.
• 5+ years of experience in penetration testing, red teaming, or vulnerability research.
• Strong understanding of network protocols, web application security, and firmware architectures.
• Proficiency with tools such as Burp Suite, Nmap, Nessus, Metasploit, IDA Pro, Ghidra, binwalk, Scapy, Wireshark, and OWASP ZAP.
• Working knowledge of web technologies (HTTP/S, REST, TCP/IP, DNS, SMTP), Linux internals, and scripting languages (Python, Bash, PowerShell).
• Ability to perform source code reviews in C/C++, Java, C#, or Python for security flaws.
• Strong communication skills — capable of presenting technical findings to both engineers and management.
• High attention to detail, strong analytical thinking, and self-driven approach to testing complex environments.
  

Preferred Qualifications

• Certifications: CEH, OSCP, GPEN, GWAPT, OSWE, GREM, or equivalent.
• Experience with secure development lifecycle (SDLC) integration and DevSecOps automation.
• Familiarity with exploit development, fuzzing frameworks (boofuzz, Peach), or custom test harnesses.
• Understanding of cryptographic mechanisms, secure boot, and firmware validation.
• Prior experience contributing to CVE reporting or vulnerability disclosure programs (VDP/bug bounty).

#LI-NR5

#LI-Hybrid