Key skills
AWSAzureCloudCyber SecurityGoogle Cloud PlatformJavaPythonRubyC#C++CBashAIMLGCPGoogle CloudLeadershipStrategic PlanningMentoringCommunicationPresentation SkillsOWASPPenetration Testing
About this role
Role Overview
- Conducting a variety of Pen Tests, including web application, network, mobile, and cloud penetration testing, as well as participating in red team exercises.
- Contribute to ongoing efforts to strengthen our security infrastructure and offensive capabilities.
- Take ownership of projects, mentor junior team members, and collaborate with cross-functional teams to assess and remediate vulnerabilities.
- Perform vulnerability scanning and penetration testing across diverse systems, applications, technologies and environments.
- Identify program improvement opportunities and develop processes to mature and scale the Pen Testing program.
- Present thought leadership in new and emerging advanced security trends, vulnerabilities and attack techniques.
- Lead security research and development efforts and provide technical leadership.
- Develop remediation strategies and architect solutions to challenging cybersecurity gaps.
- Execute application penetration tests for APIs, mobile SDKs, cloud environments and web applications from both open and closed-box perspectives.
- Analyze and prioritize findings based on the Common Vulnerabilities and Exposures (CVE) database, the Common Vulnerability Scoring System (CVSS) and internal Risk Rating system.
- Contribute to and maintain the team’s tools, labs, and attack infrastructure; actively share knowledge through internal wikis and repositories.
- Effectively communicate findings and recommendations to both technical and non-technical stakeholders, preparing comprehensive reports and presentations.
- Stay informed on the latest cybersecurity trends, techniques, and vulnerabilities by following industry publications and threat feeds.
Requirements
- 5+ years of experience in penetration testing with hands-on experience using tools like Burp Suite, Nmap, Metasploit, Nessus etc.
- Advanced proficiency in cloud platforms
- AWS, GCP, Azure and mobile app security testing.
- Stay current with emerging threats and techniques in AI/ML security.
- Complete understanding of the OWASP Top 10, CVSS, and CVE databases.
- Extensive experience in strategic planning and executing large-scale, enterprise-wide security initiatives to address complex security challenges.
- Proven experience in leading security research and development initiatives.
- Contributions such as research publications, CVEs, CTF participation, and conference presentations are considered valuable additions.
- Demonstrated ability to work independently on complex assessments while collaborating with cross-functional teams.
- Proven expertise in mentoring and providing guidance to junior team members.
- Strong scripting experience with Python, Bash, Ruby, C/C++, C#, or Java to automate testing processes and streamline remediation.
- Strong analytical, problem-solving, and communication skills, with attention to detail and a proactive mindset.
- Strong presentation skills.
- Certifications such as: OSCP, OSWA, OSWE or similar.
Tech Stack
- AWS
- Azure
- Cloud
- Cyber Security
- Google Cloud Platform
- Java
- Python
- Ruby
Benefits
- Medical & Dental
- 401(k) Savings Plan
- Generous paid time off
- Life Milestones
- from adoption assistance, childcare resources, pet insurance, and more, Comcast supports you at all life stages.
- Courtesy Services
- We offer all of our full-time employees in serviceable areas free digital TV and internet.
- Discount tickets for Universal Resorts, including theme park tickets and onsite hotel rooms.