Job Location

San José

Job Description

Are you a person who is passionate about breaking applications, devices, services and/or processes to help protect them against the worlds most advanced cyber security adversaries?

The Information Security Protect organization at Procter & Gamble is responsible for providing a realistic depiction of threat actor behaviors and scenarios during simulated exercises. We drive improvements to applications and systems, as well as detection and response capabilities through regular testing of security controls across the enterprise.

Responsibilities:

• Consult, design, and execute adversary simulation scenarios.

• Perform manual penetration tests of websites, services, infrastructure, networks, IoT Devices, and mobile applications to discover and exploit vulnerabilities.

• Work with cross functional teams to develop remediation suggestions based on scenario outcomes.

• Report observations using a standardized reporting structure.

• Bypass preventative and detective security controls to accomplish scenario goals.

• Conduct research into real-world threat actor tactics, techniques, and procedures to develop proof of concept tools.

• Investigate findings from our Bug Bounty program.

• Partner with Cyber Defense Protect, Detect and Respond teams to operationalize new Cyber Security concepts and processes.

Job Qualifications

Required:

• BA or BS degree in Information Security, Cyber Security, Computer Science, or related field.

• 2+ years of meaningful experience required..

• English B2+

• Scripting and programing skills in at least 1 language (Python, PowerShell, C#, Assembly languages, etc.)

• Experience in exploiting weaknesses in 1 or more of the following domains: enterprise applications, web applications, mobile applications, databases, infrastructure, IoT devices, network and cloud infrastructure, server, mainframe, and directory services.

• Strong analytical skills, able to leverage complex data to identify opportunities, recognize problems, and draw logical conclusions.

• A basic familiarity with multiple operating systems, minimally Windows and Linux. 

• A basic understanding of network architecture, or how networks operate in general.

• Oral and written communication skills.

Preferred:

• One or more penetration testing certifications (OSCP, OSWE, GPEN, GXPN, GWAPT, etc.).

• Publicly released tools or modules.

• Experience in CTF competitions or Bug Bounty programs.

• Experience in mobile (iOS/Android) application development/assessment.

• Experience in Internet of Things (IoT) security and exploitation.

What we offer!

• We’ll give you responsibilities as of Day 1 – you will feel the ownership of your project from the beginning, and you will be given specific projects and responsibilities

• You’ll have continuous mentorship – you will work with passionate people and receive both formal training as well as day-to-day mentoring from your manager

• We offer you to work and be part of a dynamic and supportive environment

• We promote agility and work/life balance for employees, we value every individual and support initiatives, promoting.

• We love flexibility. You can arrange your work schedule based on your personal needs.

• We will let you experience true support for work/life effectiveness and your long-term well-being.

• We will give you a competitive salary and benefits’ package.

Job Schedule

Full time

Job Number

R000088089

Job Segmentation

Experienced Professionals (Job Segmentation)