Pluralsight is a leading learning platform dedicated to enhancing technology skills. They are seeking a Threat Engineer to manage external attack surfaces, oversee offensive security measures, and mitigate human risks through various security programs.
Responsibilities:
- Govern Penetration Testing: Manage outsourced penetration testing programs, ensuring scopes align with compliance and business risk. Act as the primary technical point of contact to unblock vendors and ensure rigorous testing
- Audit Remediation: Oversee the vulnerability pipeline, ensuring findings are accurately translated into Jira tickets and tracking developer SLAs through to resolution
- Triage Bug Bounties: Act as the first line of defense for our crowdsourced vulnerability disclosure program, reproducing and validating exploit reports from external researchers
- Monitor & Analyze: Daily triage of our Threat Intelligence Platform (TIP) for credential exposures and active exploits. You’ll translate raw intelligence into proactive defensive measures
- Domain Administration: Serve as the primary admin for our Enterprise Domain Management platform, handling registrations, renewals, and DNS security (DNSSEC, DMARC, etc.)
- Takedown Management: Actively monitor for typosquatting and brand impersonation, initiating takedowns when malicious intent is confirmed
- Phishing Simulations: Design and analyze organizational phishing campaigns to improve employee resilience
- Incident Escalation: Serve as the lead investigator for user-reported phishing and social engineering attempts
Requirements:
- Requires 5+ years of related or equivalent experience within security operations, threat intelligence, or product security; or 3+ years with an advanced degree
- Works on problems of diverse scope where analysis of information requires evaluation of identifiable factors
- Devises solutions based on limited information and precedent and adapts existing approaches to resolve issues
- Uses evaluation, judgment, and interpretation to select the right course of action
- Work is done independently and is reviewed at critical points
- Proven experience manually validating web application and cloud vulnerabilities
- Ability to critically review third-party pentest reports to ensure vendor quality and accuracy
- Strong organizational discipline to manage external testing vendors, audit contractor workflows, and drive cross-functional remediation efforts without requiring direct authority
- Experience managing corporate domain portfolios, DNS configurations, and digital brand protection strategies
- Preferred certifications:
  - Threat Intelligence & Defense: GIAC Cyber Threat Intelligence (GCTI), CompTIA Cybersecurity Analyst (CySA+/SecurityX)
  - Offensive Security & AppSec: GIAC Web Application Penetration Tester (GWAPT), Offensive Security Certified Professional (OSCP), or CompTIA PenTest+
  - Security Program & Audit Governance: Certified Information Systems Security Professional (CISSP), ISACA Certified Information Systems Auditor (CISA), or Certified Information Security Manager (CISM)