The offensive security engineer is responsible for planning and executing tactical penetration testing and offensive security assessments against corporate assets and SurveyMonkey products. You will work with numerous company partners to plan and execute penetration tests, perform red/blue team activities, and prioritize remediations with engineering teams. You will also work with external partners including penetration testers, security auditors and bug bounty researchers to prioritize and assess findings. As an offensive security engineer, you will oversee end-to-end execution including planning, reconnaissance, vulnerability identification and exploitation, detailed technical and executive reporting, technical remediation and tracking for closure.
You will
- Perform adversarial simulations on both internet and internal assets, including wireless, web application, API, cloud and containers
- Evaluate the efficacy of existing detection and mitigation mechanisms and identify gaps in visibility, data, tools, and processes
- Perform penetration testing against SurveyMonkey assets and implement tools that help complete security assessments and red/blue teaming engagements
- Engage and educate engineering teams on penetration testing findings and application security best practices to help improve application security posture
- Review design proposals and threat models to ensure security is 'built in'
- Exploit vulnerabilities, document and track findings, and work with various teams to improve the security of both our products and us
- Experience performing web application penetration testing assessments
- Knowledge of server (Linux, Windows) and client (Windows, OS X, Linux) operating systems
- Knowledge of attack surfaces for applications, enterprise systems and services
- Experience in at least one of PHP, Python, Ruby, or Java
- 5+ years of experience conducting application security assessments and penetration tests
- Experience with bug bounty programs
- Experience gaining the trust of others through honesty, integrity, and authenticity
Momentive is a place where the curious come to grow and shape what's next. By embedding inclusion into our processes, policies, and culture for our 1,400+ employees across North America, Europe, and APAC, we're building a workplace where people of every background can excel. We've won multiple awards and received recognition for our forward-looking policies, including extended parental and bereavement leave, vendor benefits standards, and Take 4 sabbaticals.