Teradata Staff Offensive Security Researcher in San Diego, California
Staff Offensive Security Researcher
The offensive security group is the research and assurance arm of the Product Security Team. While the larger team provides security guidance to the product development teams, our group is tasked with ensuring that guidance is carried out and executed effectively. Through a variety of security assessments, we endeavor to provide valuable assistance to Teradata in understanding what threats exist and what their realistic impact to our products and services can be. We encourage research projects and conference presentations to show Teradata is an industry leader in security. From in depth code analysis and exploit development to wide scope full scale adversary simulation, the offensive security group will be pushing boundaries to provide a safer and more secure environment for Teradata’s customers and employees alike.
As a Staff Offensive Security Researcher, you will be a key contributor to all aspects of the Teradata offensive security program. Every day is different as we strive to identify security risks, automate repeatable tasks and processes, and support our product teams as they build secure, next-generation analytics toolsets. A participant in architecture and design meetings, your alternative perspective will ensure robust and hardened products. You will design and execute a variety of security assessments, including penetration test, vulnerability assessments, and red team operations to explore and demonstrate potential threats and highlight risk. As part of a small and diverse team of experts in their field you will be learning and growing on a daily basis. You will provide valuable insight to senior members of teams across Teradata, helping them to develop a security first mindset.
Lead threat model reviews and provide alternative perspective on potential security concerns
Conduct wide range of internal security assessments using architecture and threat model documents to identify and exploit product security flaws before public release
Act as liaison between external penetration testing firms and internal product teams to ensure low friction, high value external engagements
Assist product teams in remediation efforts by clarifying finding details and identifying best practice fixes or mitigations
Participate in working groups to evaluate and refine secure development lifecycle strategies and procedures
Evaluate existing automated security scanning tools, or develop when practical, to identify vulnerabilities in continuous test environment to eliminate potential of repeat findings over multiple tests
Contribute to and support effort to build intellectual property via patents
Design and present developer security education
Conduct security assessments such as penetration tests, vulnerability assessments, and red team operations
Write and present detailed reports with findings and remediation recommendations, with both technical and non-technical staff as audience
Excellent written and verbal communication skills
Ability to communicate effectively with business representatives in explaining findings clearly and where necessary, in layman's terms
Knowledge of networking fundamentals (all OSI layers)
Knowledge of the Windows and *NIX operating systems to include boot process through understanding of the execution flow of boot time processes
Knowledge of software exploitation (web, client-server and mobile) on modern operation systems. Familiarization with XSS, SSJS, filter bypassing, etc
Ability to automate tasks using a scripting language (Python, Ruby, etc)
Familiarity with interpreting log output from networking devices, operating systems and infrastructure services
Familiarity with common reconnaissance, exploitation, and post exploitation frameworks
Knowledge of conducting physical security penetration testing in small independent teams
Knowledge of malware packing and obfuscation techniques
Ability to perform targeted penetration tests without use of automated tools
Ability to read multiple programming and scripting languages
Strong attention to detail in conducting analysis combined with an ability to accurately record full documentation in support of their work
5+ years in an offensive security position or 8+ years in security
Advanced Penetration testing focused certifications preferred (OSCE, GXPN, GWAPT, eWPTX, ECPTX)
*Our total compensation approach includes a competitive base salary, 401(k), strong work/family programs, and medical, dental and disability coverage.
Teradata is an Equal Opportunity/Affirmative Action Employer and commits to hiring returning veterans.