Senior Penetration Tester

Build the future of data. Join the Snowflake team. As a member of the Product Security Penetration Testing team, you'll be responsible for finding vulnerabilities before the bad guys do, and raising the security bar across our suite of products. We are looking for a motivated, passionate security researcher who has a broad base of offensive security knowledge. Our ideal candidate wakes up each morning thinking about new ways to abuse and break software. Their goal is to identify relevant security risks and help the business understand them so they can build effective defenses and protect Snowflake customers and their data. RESPONSIBILITIES: Perform penetration testing engagements against a diverse cloud environment and find vulnerabilities in software, systems, and networks Develop tools, methodologies and infrastructure to support penetration testing engagements in a variety of cloud environments and novel platforms Set scope, objectives, and timelines for penetration testing engagements and leverage data to create useful metrics Work with security and engineering teams to communicate findings, recommendations, and knowledge to key stakeholders Play a leadership role in building an App Sec program that has a wide scope and impact MINIMUM QUALIFICATIONS: 5+ years experience pen testing services deployed in public cloud infrastructure Solid understanding of modern cloud technology components and deployment patterns: virtual machines, containers, Kubernetes, serverless, infrastructure as code, etc. Expert understanding of software security architecture and design, threat modeling, code review, and mitigations for common application security issues Knowledge of web and security protocols: HTTP, REST, CSP, CORS, OAuth Deep familiarity with current offensive security practices, bug bounty programs, CTFs, fuzzing, and other pen test tools and techniques Demonstrated ability to collaborate with other teams to achieve complex objectives PREFERRED QUALIFICATIONS: 7+ years experience working in an information security discipline Ability to find and exploit bugs in: C , Java, JavaScript, Go, and Python Kubernetes, AWS, GCP, or Azure Memory management, namespaces, cgroups, etc. Prior experience working in a high growth, cloud native technology company Fluency in one or more programming or scripting languages: Java, Python, C , Go Have read and are capable of implementing ideas from "Site Reliability Engineering", "Building Secure & Reliable Systems", or "Engineering Trustworthy Systems" Contributions to the security community, such as open source tools, research papers, conference talks, etc. Every Snowflake employee is expected to follow the company's confidentiality and security standards for handling sensitive data. Snowflake employees must abide by the company's data security plan as an essential part of their duties. It is every employee's duty to keep customer information secure and confidential.