It's fun to work in a company where people truly believe in what they're doing. At Workday, we're committed to bringing passion and customer focus to the business of enterprise applications. We work hard, and we're serious about what we do. But we like to have a good time, too. In fact, we run our company with that principle in mind every day: One of our core values is fun.
Workday's Security team is looking for a senior penetration tester that can lead tactical, offensive assessments of our environments. This individual should be well versed in doing in-depth assessments that go beyond simply identifying vulnerabilities and should have extensive experience in reconnaissance, weaponization, exploitation and lateral movement. Candidates are expected to translate those skills into goal oriented assessments that positively benefit our prevention, detection and response capabilities. This person is a relentless and creative bug hunter, has a deep adversarial mindset, disciplined methodology, and willingness to constantly collaborate with some very bright security minds on both the offense (red) and defense (blue) sides.
What does a Senior Penetration Tester do at Workday?
* Lead offensive security capabilities for Workday, including building out a long term strategy and approach * Provide in depth threat analysis from an attacker's perspective * Build tooling to augment assessments, emphasis on open-sourcing * Perform scoped and open-ended assessments on internal and external facing systems * Perform research to identify new ways of achieving your mission, with an emphasis of open-sourcing wherever possible * Constantly test and probe our defense capabilities to identify gaps * Foster a Purple (Red + Blue) Team environment where security control efficacy can be measured and improved, increasing Workday's overall security posture
* A world class, cloud-based software platform * A team of fun security ninjas to work with * Challenging but fulfilling projects that affect thousands of people * Ability to attend major security conferences and events * Ability to attend industry-leading training courses
* 5+ Years of relevant industry experience * Extensive experience performing penetration testing assessments * Extensive experience with the Cyber Kill Chain (Reconnaissance, Weaponization, Exploitation, Persistence, and Lateral Movement) * Experience in scripting and coding to augment toolsets for engagements * Strong networking knowledge, including network virtualization technologies * Strong knowledge of server (Linux, Windows) and client (Windows, OS X, Linux) operating systems * Strong knowledge of attack surfaces for common enterprise systems and services
You May Also Have:
* Experience breaking and building secure development pipelines * Reverse engineering expertise to elevate your ability to identify vulnerabilities * Experience conducting social engineering or phishing engagements
Think you have what it takes? Apply! We'd love to hear from you.
Workday is a company providing enterprise cloud applications for finance and human resources.