Senior Security Engineer (Pen Tester)

Menlo Security's mission is enabling the world to connect, communicate and collaborate securely without compromise. COVID-19 has made our mission all the more real. We support customers across various enterprises including Fortune 500 companies, 9/10 of the largest global banks and the Department of Defense.

About Us

The world has fundamentally changed. We are growing from 400 employees into the next phase of our journey, and we need passionate talent filled with empathy and agility. The right candidate for the job is ethical, hyper-organized, fanatical about seeing things through to completion, service-oriented, and humble enough to take feedback and coaching yet confident enough to provide feedback and coaching. Menlo is well-funded for growth and our investors are second to none. They include Vista Equity Partners ("Vista"), General Catalyst, JPMC, American Express, HSBC, and Ericsson Ventures.

Role Overview

We are seeking a forward-thinking Security Engineer to join our team, focusing on offensive and defensive security, the penetration testing of product features, and the cloud architecture supporting the product. In this role, you will operate across a complex, multi-cloud environment (AWS & GCP) comprising both traditional VMs and modern managed and unmanaged container-based architectures.

Key Responsibilities

• Collaborative Penetration Testing (AWS & GCP): Work in tandem with a peer pentester to conduct deep-dive penetration tests of our products across our multi-cloud environment.
• Partner with other security (Penetration Tester and Cloud Security) engineers to execute targeted assessments during specific windows of the product testing phase immediately prior to release.
• Conduct rigorous infrastructure reviews to ensure that cloud configurations, IAM policies, and orchestration layers meet our security baselines.
• Identify, validate, and report vulnerabilities quickly to maintain release velocity.
• Serve as the frontline for external defenses, monitoring bug bounty pipelines and external reports to triage and respond to findings with professional precision.