Senior Security Engineer (Pen Tester)

Senior Security Engineer (Pen Tester) Menlo Security's https://www.menlosecurity.com/ mission is enabling the world to connect, communicate and collaborate securely without compromise. COVID-19 has made our mission all the more real. We support customers across various enterprises including Fortune 500 companies, 9/10 of the largest global banks and the Department of Defense. The world has fundamentally changed. We are growing from 400 employees into the next phase of our journey, and we need passionate talent filled with empathy and agility. The right candidate for the job is ethical, hyper-organized, fanatical about seeing things through to completion, service-oriented, and humble enough to take feedback and coaching yet confident enough to provide feedback and coaching. Menlo is well-funded for growth and our investors are second to none. They include Vista Equity Partners (“Vista http://www.vistaequitypartners.com/?utm_source=vistapressrelease&utm_campaign=menlosecurity”), General Catalyst, JPMC, American Express, HSBC, and Ericsson Ventures. Role Overview We are seeking a forward-thinking Security Engineer to join our team, focusing on offensive and defensive security, the penetration testing of product features, and the cloud architecture supporting the product. In this role, you will operate across a complex, multi-cloud environment (AWS & GCP) comprising both traditional VMs and modern managed and unmanaged container-based architectures. In this focused role, you will partner with other security (Penetration Tester and Cloud Security) engineers to execute targeted assessments during specific windows of the product testing phase immediately prior to release. Success requires you to stay synchronized with the product roadmap and develop a deep technical mastery of new features, enabling you to independently configure environments and test thoroughly within tight timelines. Your responsibilities extend beyond the application layer to the Control Plane, where you will conduct rigorous infrastructure reviews to ensure that cloud configurations, IAM policies, and orchestration layers meet our security baselines. Your operational cadence is built on speed: you must identify, validate, and report vulnerabilities quickly to maintain release velocity. Additionally, you will serve as the frontline for external defenses, monitoring bug bounty pipelines and external reports to triage and respond to findings with professional precision. Key Responsibilities - Collaborative Penetration Testing (AWS & GCP): Work in tandem with a peer pentester to conduct deep-dive penetration tests of our products across our multi-cloud environment. - Control Plane: Review IAM policies, service configurations, and cloud-native permission structures. - Data Plane & Web UI: Execute dynamic testing against web interfaces and API endpoints. - Infrastructure Review: Assess the security posture of a hybrid infrastructure that mixes containers and Virtual Machines (VMs) infrastructures. - Vulnerability Reporting & Advisory: Triaging findings and creating clear, reproducible proofs-of-concept (PoCs). Collaborating with Product Teams to explain the risk. You may not be responsible for writing the fix or remediating the issue; your role is to ensure the product team understands what to fix. - AI-Augmented Security Assessments: Actively utilize AI and Large Language Models (LLMs) to automate reconnaissance, generate attack vectors, analyze configurations, and draft vulnerability reports. Fluency in prompt engineering for security contexts is essential. - Pipeline Management: Monitor bug bounty pipelines and external reports, validating findings and managing researcher communication Required Skills & Qualifications - Multi-Cloud Fluency: Demonstrate a deep architectural understanding of GCP and AWS . You should be capable of pivoting seamlessly between providers, performing manual configuration reviews of complex IAM/Resource hierarchies, and lev ... (truncated, view full listing at source)