Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: InfoSec Jobs InfoSec Jobs

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Lead Software Engineer – Security Platform
Company White Oak Security
Location REMOTE
Preferred GIAC Certifications GSEC, GPEN, GWAPT, GXPN
Travel 5%
Salary Not provided
Contact Name Christopher Emerson
Contact Email christopher.emerson/at/
Expires 2021-04-11

Job Description

Lead Software Engineer – Security Platform
White Oak Security is seeking a Lead Software Engineer – Security Platform. You will focus on full stack application development and maintenance of White Oak Security’s proprietary security engagement platform. This platform allows White Oak Security consultants to rapidly generate security engagement project reports, and provides clients secure access to review these reports through an intuitive interface.

As White Oak Security continues to push the boundaries of offensive security, this pivotal role will continue that tradition by enabling our trusted clients to more rapidly identify, prioritize and remediate security issues.

You have a proven track record of security-focused application development and/or security engagement delivery with a deep understanding of application software.

You are nimble in your analysis and find opportunities for innovative solutions that benefit everyone

You may also periodically conduct penetration testing and red teaming exercises.

At White Oak Security, we love what we do, and we want to provide a place where talented professionals can thrive.

Our people are our first priority. We want our employees and their families to be happy — this has allowed us to bring together the best talent and drives everything we do.

We enjoy a caring and happy culture where people feel valued. It’s important that our team members enjoy what they do and have the curiosity to keep learning.

Our team values true depth of knowledge which translates into quality. We believe in delivering comprehensive solutions and actionable reports.

We want to do the right thing and offer services that do the most good. Our clients want someone they can trust with their sensitive data and who will support them through anything.

-Improve and evolve security engagement platform
-Develop and implement tools that assist with execution of security assessments, including custom tools and automation
-Assist with development of custom proof of concept attack payloads and exploits
-Perform threat and vulnerability research to identify new and fasters techniques for security issue identification, triaging, and remediation
-Act as a source for innovation within the cybersecurity industry
-Willingness to work non-standard hours, if necessary (e.g. Red Team engagements, platform support, etc.)

-7+ years of professional software engineering or security engineering experience
-Strong understanding of and experience with agile software development:
--Web applications (e.g., Java, Node.js, PHP)
--Modern JavaScript, HTML, and CSS
--Cloud (e.g., AWS or GCP)
-Progressive experience with security assessment and red teaming, or experience remediating and defending against threat vectors
-Track record of collaboration with a variety of internal and external stakeholders
-Demonstrated leader with team-oriented interpersonal skills, with the ability to interface effectively with upper management, IT leadership and technology vendors
-Strong written and verbal communication skills

Experience with:
-Operating system and software vulnerability identification and exploitation techniques
-Web and mobile application vulnerability identification and exploitation techniques
-Malware packing, obfuscation, persistence, and data exfiltration techniques
-Security technologies such as firewalls, IDS/IPS, web proxies and DLP amongst others
-Commercial or open-source offensive security tools for reconnaissance, scanning, exploitation and post-exploitation (e.g. Nmap, Nessus, Metasploit, Burp Suite, etc.)
-GIAC certification a plus, e.g. GSEC, GPEN, GWAPT, GXPN

-Top-tier Health Benefits
-401k + Match
-Profit Sharing (after 12 months)
-Training / Conference Budget
-Flexible Work Schedule
-Remote Culture

-Remote (Americas – United States of America)

-Minimal <5%

-Christopher Emerson