White Oak Security is seeking a Senior Software Engineer – Security Platform. You will focus on full stack application development and maintenance of White Oak Security’s proprietary security engagement platform. This platform allows White Oak Security consultants to rapidly generate security engagement project reports, and provides clients secure access to review these reports through an intuitive interface.
As White Oak Security continues to push the boundaries of offensive security, this pivotal role will continue that tradition by enabling our trusted clients to more rapidly identify, prioritize and remediate security issues.
You have a proven track record of security-focused application development and/or security engagement delivery with a deep understanding of application software.
You are nimble in your analysis and find opportunities for innovative solutions that benefit everyone You may also periodically conduct penetration testing and red teaming exercises.
At White Oak Security, we love what we do, and we want to provide a place where talented professionals can thrive.
Our people are our first priority. We want our employees and their families to be happy — this has allowed us to bring together the best talent and drives everything we do.
We enjoy a caring and happy culture where people feel valued. It’s important that our team members enjoy what they do and have the curiosity to keep learning.
Our team values true depth of knowledge which translates into quality. We believe in delivering comprehensive solutions and actionable reports.
We want to do the right thing and offer services that do the most good. Our clients want someone they can trust with their sensitive data and who will support them through anything.
- Improve and evolve security engagement platform
- Develop and implement tools that assist with execution of security assessments, including custom tools and automation
- Assist with development of custom proof of concept attack payloads and exploits
- Perform threat and vulnerability research to identify new and fasters techniques for security issue identification, triaging, and remediation
- Act as a source for innovation within the cybersecurity industry
- Willingness to work non-standard hours, if necessary (e.g. Red Team engagements, platform support, etc.)
- 3+ years of professional software engineering or security engineering experience
- Strong understanding of and experience with agile software development:
- Web applications (e.g., Java, Node.js, PHP)
- Cloud (e.g., AWS or GCP)
- Progressive experience with security assessment and red teaming, or experience remediating and defending against threat vectors
- Track record of collaboration with a variety of internal and external stakeholders
- Strong written and verbal communication skills
- Experience with:
- Operating system and software vulnerability identification and exploitation techniques
- Web and mobile application vulnerability identification and exploitation techniques
- Malware packing, obfuscation, persistence, and data exfiltration techniques
- Security technologies such as firewalls, IDS/IPS, web proxies and DLP amongst others
- Commercial or open-source offensive security tools for reconnaissance, scanning, exploitation and post-exploitation (e.g. Nmap, Nessus, Metasploit, Burp Suite, etc.)
- Top-tier Health Benefits
- 401k + Match
- Profit Sharing (after 12 months)
- Training / Conference Budget
- Flexible Work Schedule
- Remote Culture
Remote (Americas – United States of America)
Minimal – <5%