Expert Penetration Tester (Remote Option*)

Become a Part of the NIKE, Inc. Team

NIKE, Inc. does more than outfit the world's best athletes. It is a place to explore potential, obliterate boundaries and push out the edges of what can be. The company looks for people who can grow, think, dream and create. Its culture thrives by embracing diversity and rewarding imagination. The brand seeks achievers, leaders and visionaries. At NIKE, Inc. it's about each person bringing skills and passion to a challenging and constantly evolving game.

NIKE is a technology company. From our flagship website and five-star mobile apps to developing products, managing big data and providing leading edge engineering and systems support, our teams at NIKE Global Technology exist to revolutionize the future at the confluence of tech and sport. We invest and develop advances in technology and employ the most creative people in the world, and then give them the support to constantly innovate, iterate and serve consumers more directly and personally. Our teams are innovative, diverse, multidisciplinary and collaborative, taking technology into the future and bringing the world with it.

The Expert Penetration Tester is part of Corporate Information Security, Security Operations organization and participates in the attack surface management of global computing assets. This person is responsible for guiding a team of offensive professions during their security testing of Nike technology, coordination with team members regarding their findings and completion of day to day tasks associated with penetration test program.

JOB RESPONSIBILITIES
- Lead Nike's Red Team through all due care, Purple, and Red Team operations

- Ensure the Nike external charge surface and critical internal assets are regularly tested

- Liaise with partners to schedule and scope a full calendar of due care penetration tests in web application, API, mobile and network spaces.

- Plan and complete Red Team operations to exercise and validate Nike's ability to prevent, detect and respond to adversaries

- Plan and complete Purple Team operations in coordination with Nike's Cyber Defense Center and Incident Response teams to validate Blue Team monitoring, detection, and response capabilities

- Review reports for penetration tests, Red engagements and Purple engagements to ensure consistent quality and tone

- Provide mentoring and training to junior members of penetration testing and the larger Charge Surface Management team

- Collaborate with and support other CIS organizations such as Incident Response, Governance, Risk and Threat Intelligence

- Compose and maintain policy as well as operational process documentation

QUALIFICATIONS
- Bachelor's degree in Computer Science, Information Technology, Cyber Security, or related field or equivalent experience

- 8+ years of professional experience in an offensive security specialty such as penetration testing or red team operations

- Solid grasp of a variety of technical concepts such as: application development, networking, systems administration, and information security practices

- Strong web application development, security flaw and remediation understanding

- Demonstrated experience with a variety of open source and commercial testing tools in areas such as web interception proxies, packet bring together, debugging and API interaction

- Experience with common command and control (C2) frameworks

- Knowledge of the MITRE ATT&CK framework

- Strong verbal and written communication skills to clearly convey concepts to technical and nontechnical audiences

- Experience and knowledge of performing security tasks within cloud environments such as AWS, Azure and Ali Cloud

- Ability to develop strong working relationships with a variety of other enabling teams.

- Self-motivated and operates with a high sense of urgency and a high level of integrity

STRONGLY PREFERRED
- An outstanding background in broader IT fields prior to acquiring a security focus: developer, technical support, network, or system administration

- Certifications focused in offensive security realms such as Offensive Security Certified Professional/Guide (OSCP/E) as well as certifications in broader security topics such as Certified Information Systems Security Professional (CISSP)

- Previous experience working in large scale environments with diverse technologies

- Ability to automate technical tasks through use of APIs or scripting

*Remote work option - open to remote work except cannot work in the following locations: SD, VT, and WV. These candidates will be required to relocate. For employees based in Colorado, this position starts at $163,000 per year. Information about benefits can be found here .

Nike requires all applicants for this position to be vaccinated for COVID-19 as a condition of hire, unless otherwise required by law. As an equal opportunity employer, Nike will make accommodations to individuals who cannot be vaccinated in accordance with applicable law.

NIKE, Inc. is a growth company that looks for team members to grow with it. Nike offers a generous total rewards package, casual work environment, a diverse and inclusive culture, and an electric atmosphere for professional development. No matter the location, or the role, every Nike employee shares one galvanizing mission: To bring inspiration and innovation to every athlete* in the world.

NIKE, Inc. is committed to employing a diverse workforce. Qualified applicants will receive consideration without regard to race, color, religion, sex, national origin, age, sexual orientation, gender identity, gender expression, veteran status, or disability.