Penetration Tester (Red Team), Information Security 6/4/2020
Redwood City, CA
JOB DESCRIPTIONAPPLY Penetration Tester (Red Team), Information Security
Equinix is one of the fastest growing data center companies, growing connectivity between clients worldwide. That s why we're always looking for creative and forward-thinking people who can help us achieve our goal of global interconnection. With 200 data centers in over 24 countries spanning across 5 continents, we are home to the Cloud, supporting over 1000 Cloud and IT services companies that are directly engaged in technological innovation and development. We are passionate about further evolving the specific areas of software development, software and network architecture, network operations and complex cloud and application solutions.
At Equinix, we make the internet work faster, better, and more reliably. We hire talented people who flourish solving hard problems and give them opportunities to hone new skills, try new approaches, and grow in new directions. Our culture is at the heart of our success and it s our authentic, humble, gritty people who create The Magic of Equinix. We share a real passion for winning and put the customer at the center of everything we do.
A Red Team Penetration Tester (Pen Tester) is responsible for securing Equinix s digital assets, through active hunting and identification of threats and vulnerabilities, in our environment, that are not detected by traditional vulnerability scanning. The Pen Tester should possess a deep understanding of both information security and computer science. They should understand basic concepts such as networking, applications and operating system functionalities, and be able to learn advanced concepts such as application manipulation, exploit development, and stealthy operations.
* Perform network penetration, web, mobile and business application testing, source code reviews, threat analysis, wireless network assessments, OT/IoT security assessments, and social-engineering assessments
* Develop comprehensive and accurate reports and presentations for both technical and executive audiences
* Effectively communicate findings and remediation strategies to business stakeholders including technical staff, executive leadership, and legal counsel
* Recognize and safely utilize attacker tools, tactics, and procedures
* Develop scripts, tools, or methodologies to enhance Equinix s red teaming processes
* Bachelor's degree in Computer Science, MIS, or related degree preferred
* 3-5 years experience in at least three of the following:
* Network penetration testing and manipulation of network infrastructure
* Web, mobile and/or business application assessments
* OT/IoT security assessments
* Email, phone or physical social-engineering assessments
* Shell scripting or automation of simple tasks using Perl, Python or Ruby
* Developing, extending, or modifying exploits, shellcode or exploit tools
* Developing applications in C#, ASP, .NET, ObjectiveC, or Java (J2EE)
* Reverse engineering malware, data obfuscators, or ciphers
* Source code review for control flow and security flaws
* Strong knowledge of tools used for wireless, web application, IoT/OT and network security testing
* Thorough understanding of network protocols, ICS/SCADA/Bacnet protocols, data on the wire, and covert channels
* Mastery of Unix/Linux/Mac/Windows operating systems, including bash and Powershell
* Experienced in utilizing various SIEM (e.g. Azure Sentinel, Splunk, Elastic) and EDR (e.g. CrowdStrike, SentinelOne, Microsoft ATP) tools for threat hunting
* Strong knowledge of security controls and services in AWS, GCP and Azure cloud platforms
* Background and knowledge of general security concepts, such as defense-in-depth, MITRE ATT&CK framework, and security architectures
* Preferred certifications: OSCP, OSWP, GPEN, GWAPT, OSCE, OSEE, GXPN
* Ability to document and explain technical details in a concise, understandable manner
* Ability to manage and balance own time among multiple tasks, and mentor junior staff when required
Equinix is an equal opportunity employer. All applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, gender identity, age, status as a protected veteran, or status as a qualified individual with disability.