PluralsightRemote
Threat Engineer
United States of America
Full Time
2 weeks ago
$106,000 - $140,000 USD
H1B Sponsor Likely
Key skills
JiraPenetration Testing
About this role
Pluralsight is a learning platform dedicated to accelerating technology skills. They are seeking a Threat Engineer to manage external attack surfaces and oversee offensive security programs, ensuring vulnerabilities are identified and neutralized before impacting their platform.
Responsibilities:
- Govern Penetration Testing: Manage outsourced penetration testing programs, ensuring scopes align with compliance and business risk. Act as the primary technical point of contact to unblock vendors and ensure rigorous testing
- Audit Remediation: Oversee the vulnerability pipeline, ensuring findings are accurately translated into Jira tickets and tracking developer SLAs through to resolution
- Triage Bug Bounties: Act as the first line of defense for our crowdsourced vulnerability disclosure program; reproducing and validating exploit reports from external researchers
- Monitor & Analyze: Daily triage of our Threat Intelligence Platform (TIP) for credential exposures and active exploits. You’ll translate raw intelligence into proactive defensive measures
- Domain Administration: Serve as the primary admin for our Enterprise Domain Management platform, handling registrations, renewals, and DNS security (DNSSEC, DMARC, etc.)
- Takedown Management: Actively monitor for typosquatting and brand impersonation, initiating takedowns when malicious intent is confirmed
- Phishing Simulations: Design and analyze organizational phishing campaigns to improve employee resilience
- Incident Escalation: Serve as the lead investigator for user-reported phishing and social engineering attempts
Requirements:
- Requires 5+ years of related or equivalent experience within security operations, threat intelligence, or product security; or 3+ years with an advanced degree
- Works on problems of diverse scope where analysis of information requires evaluation of identifiable factors. Devises solutions based on limited information and precedent and adapts existing approaches to resolve issues. Uses evaluation, judgment, and interpretation to select the right course of action. Work is done independently and is reviewed at critical points
- Proven experience manually validating web application and cloud vulnerabilities. Ability to critically review third-party pentest reports to ensure vendor quality and accuracy
- Strong organizational discipline to manage external testing vendors, audit contractor workflows, and drive cross-functional remediation efforts without requiring direct authority
- Experience managing corporate domain portfolios, DNS configurations, and digital brand protection strategies
- Preferred certifications: Threat Intelligence & Defense: GIAC Cyber Threat Intelligence (GCTI), CompTIA Cybersecurity Analyst (CySA+/SecurityX). Offensive Security & AppSec: GIAC Web Application Penetration Tester (GWAPT), Offensive Security Certified Professional (OSCP), or CompTIA PenTest+. Security Program & Audit Governance: Certified Information Systems Security Professional (CISSP), ISACA Certified Information Systems Auditor (CISA), or Certified Information Security Manager (CISM)