Cloud Offensive Security Analyst (Contract with potential to hire)

Everyone thinks their SaaS is secure, or at least not their problem. If you know differently, we want to talk to you. This role is fully remote, part-time, and must be US-based. We are looking for someone who sees the cloud as distributed internal infrastructure for all companies and understands where the cracks are in the facade of perfect multifactor authentication and risk transfer mechanisms. If you think internal network diagrams and data retention policies are entertaining fiction but also a good place to start, and you like working with people who respect your expertise and clients who will appreciate your perspective, please reach out.

Please have some expertise with at least 60% of the following.

  • Cloud infrastructure security and container security, such as common guest-to-host escapes and how to monitor for and exploit out-of-date configs.

  • Knowledge of common SaaS security postures, like where to find the white paper that major service providers will offer up instead of actually giving permission to pentest them as a third-party provider to contracts.

  • Relating to clients on their needs, and not just doing cool hacks. Bonus for visual storytelling.

  • Write well-designed, testable scripts (or at least have a philosophy about why you do what you do).

  • Document and maintain testing scripts and respect the versioning of our testing platform.

  • Some technologies we’re happy to see you have experience with might include: Python, ZAP, Burp Suite, VMware, Google Cloud Platform, DNS, Ansible, Puppet, Chef, AWS, ELK Stack, Splunk, Kibana, and we’re thinking more and more about Jupyter Notebooks as a storytelling device for clients if you like narrating your way through test results.

Please send your resume and/or any public code samples you’d like to share here.