Senior Web and Cloud Penetration Tester
At ZoomInfo we encourage creativity, value innovation, demand teamwork, expect accountability and cherish results. If you are in charge, take initiative, get stuff done individually we want to talk to you! We have high aspirations for the company and are looking for the right people to help fulfill the dream. We strive to continually improve every aspect of the company and use cutting edge technologies and processes to delight our customers and rapidly increase revenues.
We are looking for a successful Web Application and Cloud Penetration Tester at ZoomInfo should possess a deep understanding of both information security and computer sciene. You should understand concepts such as API scanning, Fuzzing, Remote Code Execution, Broken Access Control, cloud networking, identity and access management, console, applications, functions, other functionality and be able to learn advanced concepts such as application manipulation, exploit development, and stealth-focused operations. A typical job could be breaking into a frontend/backend/management application hosted in the cloud, lateral movement within the cloud environment, accessing sensitive information or compromising the environment, all without being detected.
If you can exploit at scale while remaining stealthy, identify and exploit misconfigurations in cloud infrastructure, web applications, parse various types of output data, present relevant data in a digestible manner, think well outside the box, or are astute enough to quickly learn these skills, then you’re the type of consultant we’re looking for.
You will be part of ZoomInfo’s global cyber security team and more specifically an elite offensive team reporting to the head of Offensive Security at ZoomInfo.
You are expected to quickly assimilate new information as you will face new environments on a recurring basis. You will be expected to understand the applicable threat vectors for each environment and assess them properly. You will get to work with some of the best red teamers in the industry, enabling you to develop new skills as you progress through your career. Are you up to the challenge?
Perform cloud and web/mobile application penetration testing, remediation activities, and threat analysis assessments.
Effectively communicate findings to relevant stakeholders.
Recognize and safely utilize attacker tools, tactics, and hacking techniques.
Develop scripts, tools, or methodologies to enhance ZoomInfo’s red teaming processes in scale.
1-2 years experience in the following:
GCP, AWS or Kubernetes
Strong knowledge of Cloud hosted applications, Storage containers, Databases, Functions, Logging, APIs, etc.
Cloud penetration testing and manipulation of web applications and cloud infrastructure
Application architecture design and code review
Thorough understanding of network protocols, data on the wire, and covert channels
5-7 years experience in the following:
Shell scripting or automation of simple tasks using Python or nodeJS
Developing, extending, or modifying exploits or exploit tools
Function code review for control flow and security flaws
Strong knowledge of tools used for cloud and web application security testing
Web and mobile penetration testing while most of the time focused on assessing cloud environments, both public or private ones.
Ability to successfully interface with key internal stakeholders
Ability to document and explain technical details in a concise, understandable manner
Security Architecture experience
Incident Response/Incident Remediation experience
Knowledge of CI/CD products, such as Jenkins, Gitlab CI/CD, bitbucket CI/CD and GCP Cloud Build
Knowledge of tools such as Terraform integrated with cloud-based CI/CD products
For over a decade, ZoomInfo has helped companies achieve their most important objective: profitable growth. Backed by the world's most comprehensive B2B database, our platform puts sales and marketing professionals in position to identify, connect, and engage with qualified prospects.
Our mission is to provide every company with a 360-degree view of their ideal customer, empowering each phase of their go-to-market strategy and driving their ability to hit their number.