Senior Penetration Tester
Company: SHEIN Technology LLC
Location: San Diego, CA
Type: Full Time
Job Description
Job Title: Senior Security Engineer I
Reports to: Threat and Vulnerability Management Lead
Job Location: San Diego, CA, USA
Job Status: Exempt, FT
About SHEIN
SHEIN is a global fashion and lifestyle e-retailer committed to making the beauty of fashion accessible to all. We use on-demand manufacturing technology to connect suppliers to our agile supply chain, reducing inventory waste and enabling us to deliver a variety of affordable products to customers around the world. From our global offices, we reach customers in more than 150 countries.
Founded in 2012, SHEIN has nearly 10,000 employees operating from offices around the world, with U.S. Headquarters located in Los Angeles and Global Headquarters located in Singapore. At SHEIN, we work with outstanding, creative, and capable peers. We share an energetic and open culture for capable people to discern, work and ignite as a team.
Position Summary
SHEIN Global Security and Risk Management (GSRM) is a global security organization that oversees security infrastructure, risk management, data privacy, business fraud, governance, and regulatory compliance across SHEIN's global footprint. It is composed of a team of security professionals, innovators and thought leaders who have decades of global security experience, have led large-scale transformations, and have served in Fortune 500 executive roles.
We are looking for a Senior Penetration Tester (Official Title: Senior Security Engineer I) who will collaborate with and manage a team responsible for validating the security posture of SHEIN's infrastructure and applications. You will help validate security controls around web, cloud, and mobile applications and the associated network and backend resources for SHEIN Technology. You will work with a team of security testing professionals to enhance existing service offerings and security testing capabilities, and conduct hands-on technical testing focused on identifying vulnerabilities and misconfigurations in cloud environments and web/mobile applications.
Job Responsibilities
- Have in-depth knowledge of secure coding principles, security architecture, hardening of operating systems, networking protocols, firewalls, databases and middleware applications, forensics, scripting and programming. You are expected to continuously improve your tradecraft through research and stay up to date with the continuously evolving threat landscape and attack techniques, tactics, and procedures.
- Act as the primary lead for cloud, web and mobile application security testing.
- Interface directly with executive leadership and technical staff to lead Penetration Testing engagements.
- Plan, coordinate, authorize, and execute threat-intel-informed penetration testing engagements, both short and long duration. Document your methodologies and create detailed reports about your findings.
- Create new testing methods to identify vulnerabilities.
- Collaborate with various stakeholders and teams e.g., Threat Intel, Blue Team, Vulnerability Management, Security Engineering etc.
- Conduct hands-on web/mobile/cloud penetration testing and be well versed in full exploitation within multiple environments, including Windows, *nix and macOS environments.
- Generate report findings, develop risk-appropriate and pragmatic recommendations to correct identified flaws, vulnerabilities and misconfigurations, and track implementation through to completion.
- Communicate findings and strategy effectively to client stakeholders, including technical staff, executive leadership, and legal counsel.
- Define and maintain a set of Standard Operating Procedures (SOP), Rules of Engagement (ROE), methodologies and checklists for various Penetration Testing domains.
- Utilize attacker tools, tactics, and procedures to perform analysis and identify vulnerabilities.
- Procure, develop, maintain and refine an inventory of security tools needed for various operations.
- Assist in analyzing crowd-sourced public vulnerability submissions from our disclosure program to direct testing efforts.
Job Requirements
- B.S. or M.S. in Computer Science or relevant certification.
- 5+ years of industry experience in:
  - Well-rounded background in Penetration Testing (i.e., Cloud, Web-application, mobile application and various network ecosystems)
  - Performing, overseeing, improving and providing feedback on the Penetration Testing services offered
  - Designing a program and creating Standard Operating Procedures, Rules of Engagement, Testing Methodologies etc.
  - Conducting advanced penetration testing exercises (Network, Web Application, Mobile and Cloud)
- Ability to think holistically, drive large scale efforts as a SME, promote automation for efficiency and coverage
- Experience working with regulatory compliance efforts e.g., PCI etc.
- Experience in at least one coding language: C/C++, C#, Python, Perl, Ruby, Bash, Java, HTML, JavaScript, PHP, ASP, ASPX.
- Experience in various Operating Systems: Windows, *nix, macOS, Android, iOS.
- Experience with tools like Burp Suite Pro, SQLMap, Frida, Objection, Android Studio, Xcode, MobSF, Drozer.
- Knowledge of public cloud platforms (preferably OCI, Azure and AWS) and frameworks like OWASP Top 10 Web and Mobile.
- Experience with common testing frameworks, such as the MITRE ATT&CK framework
- Experience with tools used to perform Dynamic Application Security Testing (DAST) or Static Application Security Testing (SAST)
- Possess one of the following certifications:
  - Global Information Assurance Certification (GIAC) Penetration Tester (GPEN)
  - CompTIA PenTest+
  - Information Assurance Certification Review Board (IACRB) Certified Penetration Tester (CPT)
  - EC-Council (ECC) Certified Ethical Hacker (Master) (C|EH [Master])
  - GIAC Web Application Penetration Tester (GWAPT)
  - GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
  - GIAC Mobile Device Security Analyst (GMOB)
  - GIAC Assessing and Auditing Wireless Networks (GAWN)
  - GIAC Cloud Penetration Tester (GCPN)
  - Certified Mobile and Web Application Penetration Tester (CMWAPT)
  - Certified Expert Penetration Tester (CEPT)
  - Certified Red Team Operations Professional (CRTOP)
  - Certified Reverse Engineering Analyst (CREA)
  - Offensive Security
    - Offensive Security Certified Professional (OSCP)
    - Offensive Security Experienced Penetration Tester (OSEP)
    - Offensive Security Wireless Attacks (OSWA)
    - Offensive Security Web Expert (OSWE)
    - Offensive Security Exploitation Expert (OSEE)
  - Certified Penetration Tester (CPENT)
  - Licensed Penetration Tester (LPT)
- Contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, blogs, publications, speaking at conferences etc.
- Experience with infrastructure automation, server administration, TCP/IP networking, vulnerability identification and exploitation, vulnerability exploit code development, offensive security operation coordination and communication, vulnerability tracking and remediation, cross-functional collaboration
- Experience working with security technology and products such as Firewalls, IDS, IPS, VPC, CSPM
- Having a good understanding of Cloud vulnerabilities and how to address them
- Effective communicator with experience of working in a fast-paced dynamic environment, where prioritization is key to success
Pay
$107,600.00 min - $180,200.00 max annually. Bonus offered.
Benefits and Culture
Healthcare (medical, dental, vision, prescription drugs)
Health Savings Account with Employer Funding
Flexible Spending Accounts (Healthcare and Dependent care)
Company-Paid Basic Life/AD&D insurance
Company-Paid Short-Term and Long-Term Disability
Voluntary Benefit Offerings (Voluntary Life/AD&D, Hospital Indemnity, Critical Illness, and Accident)
Employee Assistance Program
Business Travel Accident Insurance
401(k) savings plan with discretionary company match and access to a financial advisor
Vacation, Paid holidays and sick days
Employee Discounts
Perks (HQ Location)
Free weekly catered lunch at HQ
Dog-Friendly office
Free Gym Access at HQ
Free Swag Giveaways
Annual Holiday Party
Invitations to pop-ups and other company events
Complimentary daily office snacks and beverages
Free Shuttle Service from HQ to LA Union Station
SHEIN Distribution is an equal opportunity employer committed to a diverse workplace environment.
Date Posted
10/26/2023