Penetration Tester

Build the world's fastest Identity and Checkout products

Company Mission

Our mission is to make buying online faster, safer and easier for everyone. Fast Login and Fast Checkout enable a one-click sign-in and purchasing experience that makes it easier for people to buy and merchants to sell. The company's products work on any browser, device or platform to deliver a consistent, stress-free purchasing experience. Fast is entirely consumer-focused and invests heavily in its users' privacy and data security. Headquartered in San Francisco but open to a globally remote workforce, we are a founders-led, privately held company funded by Stripe, Index Ventures, Susa Ventures and other world-class investors.

We are committed to diversity and inclusion, and demonstrate our values through equitable pay, fantastic benefits, and access to all reasonable accommodations.

Summary

We are looking to expand our team by adding an accomplished Penetration Tester to design and build our Offensive Security Program. If you have deep experience setting up a mature penetration testing program, we want to talk to you!

Role

• Typical tasks include conducting and/or supporting authorized penetration testing on enterprise network and application assets, analyzing site/enterprise configurations
• Testing will be conducted on various systems on an as-needed basis across the enterprise and its offices
• Candidate will need to be able to perform assessment on various system including obtaining evidence and writing final assessment reports
• Working closely with Security Engineering and Product Engineering teams in red team - blue team exercises
• Maintain a risk ranked vulnerability assessment and work with other teams to remediate the highest risk vulnerabilities
• Required Skills - (We know that our wishlist is lengthy and encourage you to apply- the ideal candidate may not have everything, but will possess the desire to learn and passion for the company)
• Penetration testing principles, tools, and techniques (e.g., metasploit, Kali, etc.), and the ability to identify systemic security issues based on the analysis of vulnerability and configuration data
• Understanding of how traffic flows across the network (e.g., Transmission Control Protocol (TCP) and Internet Protocol (IP), Open System,Interconnection Model (OSI), Information Technology Infrastructure Library, v3 (ITIL))
• System and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay attack, return-oriented attacks, and malicious code)
• General attack stages (e.g., footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks, etc.)
• Experience pentesting containers (Docker) and container orchestration (Kubernetes or OpenShift or CloudFoundary or similar)
• Experience pentesting AWS, GCP, Azure public cloud infrastructure
• Network access, identity and access management (e.g., JWT or Public Key Infrastructure (PKI) or similar)
• Network protocols such as TCP/IP, Dynamic Host Configuration (DHC), Domain Name System (DNS), and directory services

Desired Skills

• Information Assurance (IA) principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
• Network security architecture concepts including topology, protocols, components, and principles (e.g., application of Defense-in-Depth)
• Knowledge of NodeJS, TypeScript, Golang, NoSQL and SQL programming languages
• Use of social engineering techniques
• Assessing the robustness of security systems and designs
• Good usage of case management tools and documentation processes
• Great customer service and enthusiastic attitude
• Fantastic communication

Bonus Skills

• CEH, OSCP or similar certification
• Experience in startup companies
• Any development experience
• Benefits and Perks- Because People Matter
• Comprehensive insurance (paid 99% by the company) with no deductible, and 10 dollar copays
• Globally remote with flexible work schedules to fit your needs
• Generous paid parental/family leave for all caregivers- up to 12 weeks
• 401k with match up to 4%

Equity grant

• People-focused PTO that you determine- time off is there when you want it, when you need it
• Frequent inclusive events scheduled to allow everyone to express their voice (or dance skills)
• Monthly exercise and internet stipends---and snacks