Senior Web and Cloud Penetration Tester
At ZoomInfo we encourage creativity, value innovation, demand teamwork, expect accountability and cherish results. If you are in charge, take initiative, get stuff done individually we want to talk to you! We have high aspirations for the company and are looking for the right people to help fulfill the dream. We strive to continually improve every aspect of the company and use cutting edge technologies and processes to delight our customers and rapidly increase revenues.
We are looking for a successful Web Application and Cloud Penetration Tester at ZoomInfo should possess a deep understanding of both information security and computer science. You should understand concepts such as API scanning, Fuzzing, Remote Code Execution, Broken Access Control, cloud networking, identity and access management, console, applications, functions, other functionality and be able to learn advanced concepts such as application manipulation, exploit development, and stealth-focused operations. A typical job could be breaking into a frontend/backend/management application hosted in the cloud, lateral movement within the cloud environment, accessing sensitive information or compromising the environment, all without being detected.
You will be part of ZoomInfo’s global cyber security team and more specifically an elite offensive team reporting to the head of Offensive Security at ZoomInfo
As Penetration Tester at Zoominfo:
- You’ll be part of the security team of one of the world’s largest and fastly growing SaaS companies.
- You’ll be running penetration testing for high complex multi cloud, micro services, big data environment.
- You’ll be running penetration testing for cutting edge technologies involving cloud (multi cloud - AWS and GCP) , AI, BigData, Machine Learning and more.
- You’ll work with engineers across the globe, providing them security feedback on their deliverables and helping them to do their job in a secure manner.
- You’ll be part of a global team of security experts in the US and Israel.
- Perform cloud and web/mobile application penetration testing, remediation activities, and threat analysis assessments.
- Effectively communicate findings to relevant stakeholders.
- Recognize and safely utilize attacker tools, tactics, and hacking techniques.
- Develop scripts, tools, or methodologies to enhance ZoomInfo’s red teaming processes in scale.
1-2 years experience in the following:
- GCP, AWS or Kubernetes
- Strong knowledge of Cloud hosted applications, Storage containers, Databases, Functions, Logging, APIs, etc.
- Cloud penetration testing and manipulation of web applications and cloud infrastructure
- Application architecture design and code review
- Thorough understanding of network protocols, data on the wire, and covert channels
5-7 years experience in the following:
- Shell scripting or automation of simple tasks using Python or nodeJS
- Developing, extending, or modifying exploits or exploit tools
- Function code review for control flow and security flaws
- Strong knowledge of tools used for cloud and web application security testing
- Web and mobile penetration testing while most of the time focused on assessing cloud environments, both public or private ones.
- Ability to successfully interface with key internal stakeholders
- Ability to document and explain technical details in a concise, understandable manner
- Security Architecture experience
- Incident Response/Incident Remediation experience
- Knowledge of CI/CD products, such as Jenkins, Gitlab CI/CD, bitbucket CI/CD and GCP Cloud Build
- Knowledge of tools such as Terraform integrated with cloud-based CI/CD products
- OSWE/OSCP/CCSP/CISSP certifications
The US base salary range for this position is between $120,000 - $165,000 + bonus + equity + benefits.
Actual compensation offered will be based on factors such as the candidate’s work location, qualifications, skills, experience and/or training. Your recruiter can share more information about the specific salary range for your desired work location during the hiring process. We want our employees and their families to thrive. In addition to comprehensive benefits we offer holistic mind, body and lifestyle programs designed for overall well-being. Learn more about ZoomInfo benefits here.
ZoomInfo (NASDAQ: ZI) is the trusted go-to-market platform for businesses to find, acquire, and grow their customers. It delivers accurate, real-time data, insights, and technology to more than 35,000 companies worldwide. Businesses use ZoomInfo to increase efficiency, consolidate technology stacks, and align their sales and marketing teams — all in one platform.ZoomInfo may use a software-based assessment as part of the recruitment process. More information about this tool, including the results of the most recent bias audit, is available here.ZoomInfo is proud to be an Equal Opportunity employer. We are committed to equal employment opportunity for applicants and employees regardless of sex, race, age, color, national origin, sexual orientation, gender identity, marital status, disability status, religion, protected military or veteran status, medical condition, or any other characteristic or status protected by applicable law. At ZoomInfo, we also consider qualified candidates with criminal histories, consistent with legal requirements.