Senior Penetration Tester

Fastly is looking for an Offensive Security Engineer to join our Discovery and Advancement Team. This person will be responsible for leading penetration tests and security reviews for core Fastly applications and APIs. You will be responsible for discovering vulnerabilities at Fastly and have a consistent track record of doing this over your career. In addition to finding new bugs, you will be called upon to demonstrate your offensive security knowledge and penetration testing experience during Red Team exercises, with the goal of improving Fastly’s security posture and strengthening our security incident response program. 

This is a role which has a high impact on human lives. You will be supported by a friendly security team, where you can learn and develop. We check our egos at the door. You’ll make sure our customers benefit from services built to the highest security standards in the industry. We pride ourselves in our involvement in the larger security community and encourage our team to present at network and security conferences, submit to bug bounties and participate in the open source community. We are a distributed security team with the commitment and tools in place to make it work.

What You'll Do

• Collaboratively plan, scope, prioritize, and execute offensive security engagements against Fastly applications and systems. 
• Integrate offensive security into security development lifecycle 
• Research, reproduce and respond to various security vulnerabilities reported to Fastly 
• Participate in purple-team exercises to improve efficacy of internal security programs 
• Apply and improve automated vulnerability discovery infrastructure, including continuous fuzzing 
• Work Hours: 
  
  • Salaried Position / General Working Hours: This position will require you to be available during core business hours.

What We're Looking For

Basic Qualifications:

• Experience in identifying and exploiting vulnerabilities in web applications, client/server applications, and network infrastructure. 
• Experience performing network penetration tests including performing manual and automated scans, configuring and running scanning tools, and interpreting and writing up results
• Demonstrated ability to develop test approach and plan based on architecture review and considering application business purpose, data flows and interfaces/integrations with other systems.
• Experience in security assessment of networked systems and protocols.
• Experience in security assessment of emerging web protocol and technology development (network protocols, browser technology, etc.)
• Experience scoping and performing security assessments independently and in collaboration with key stakeholders 
• Experience with Linux based systems and production environments 
• Proven ability to work within a collaborative, cross-functional environment and mentor and develop the next generation of strong security engineers.
• Strong communication skills; proven ability to effectively communicate security risks
• High emotional intelligence. Fastly teams care about one another, collaborate regularly and are part of a people first organization

Preferred Qualifications:

• Experience with the x86/x64 low level architecture and the ability to conduct vulnerability research against applications compiled for that architecture using code-assisted discovery techniques
• Experience reviewing source code for control flow and security flaws
• Involvement in the open source community
• History of involvement in security organizations, events, and conferences

Salary

The estimated salary range for this position is $155,370 to $194,210.

Starting salary may vary based on permissible, non-discriminatory factors such as experience, skills, qualifications, and location. This role may be eligible to participate in Fastly’s equity and discretionary bonus programs.

Benefits

We care about you. Fastly works hard to create a positive environment for our employees, and we think your life outside of work is important too. We support our teams with great benefits that start on the first day of your employment with Fastly. Curious about our offerings?

U.S. Role:

• We offer a comprehensive benefits package including medical, dental, and vision insurance. Family planning, mental health support along with Employee Assistance Program, Insurance (Life, Disability, and Accident), company paid holidays, paid time off and paid sick leave are there to help support our employees. We also offer 401(k) (including company match) and an Employee Stock Purchase Program.

COVID Travel Policy 

Fastly is committed to safeguarding the health and well-being of our employees. Therefore, new hires may be required to be fully vaccinated against COVID-19 if the role requires business-related travel, in-person meetings, attending large events and working in an office location, unless a reasonable accommodation is approved or if prohibited by local law.