Senior Penetration Testing Engineer

Company Description

About CyberArk:
CyberArk (NASDAQ: CYBR), is the global leader in Identity Security. Centered on privileged access management, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud workloads and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets. To learn more about CyberArk, visit our CyberArk blogs or follow us on Twitter, LinkedIn or Facebook.

Job Description

As a Senior Penetration Tester in CyberArk Labs, you will be the go-to-guy to find traditional and creative ways to break all kinds of products. You will also take part in building robust solutions

• Hands-on penetration testing of CYBR products.
• Assist, mentor, and educate about internal secure development methodologies and CYBR's "Security Champions" program.
• Present findings and work closely with software architecture and development teams to ensure products are developed in line with our security standards.
• Building custom instrumentation and tools to assist in security assessments.
• Leading security research projects focused on finding vulnerabilities and on innovation of new security layers and approaches

#LI-OS1

Qualifications

What you need to succeed:

• At least 5 years of experience in hands-on security research and security code review.
• Hands-on experience in penetration testing cloud, web, and mobile applications.
• Experience with code security surveys - ability to read code and identify security issues.
• Experience and knowledge with open source and commercial P.T tools for scanning and detecting weaknesses.
• Demonstrated experience in scripting (Python, Powershell, Bash) and software development (C, C++, C#, Java)
• Deep understanding of security principles, theories, and attacks.
• Deep understanding of network protocols and data security.
• Knowledge of encryption methods and protocols.
• Ability to work in a dynamic, fast-moving, and growing environment
• Good self-learner and out of the box thinker
• Fluent in English and Hebrew (speaking and writing), presentation and crowd-facing skills
• At least one article on a technical topic in a well-known website/media news

Additional Information

How will you stand out from the crowd :

• Offensive Security Certifications such as OSCP, AWAE, OSCE.
• Bachelor's degree in Computer Science or related field.
• IDF service in an elite technology unit
• Examples of thought leadership activities in the security space (e.g. blog posts or conference talks).
• Experience evaluating and implementing various categories of software security tools (e.g. SAST, DAST, SCA)
• Demonstrated security research activities (e.g. participation in bug bounties or credit for reporting CVEs).
• Experience working with MAC OS.
• Experience with assessment of containerized environments (docker, k8s).
• Reverse Engineering skills.