Staff Offensive Security Engineer- Cloud and Infrastructure

We’re seeking a talented Staff Offensive Security Engineer with hands-on offensive cloud and infrastructure security experience. The right candidate will be knowledgeable, passionate about finding security threats, energetic, and thrive in a fast-paced environment. You’ll work alongside technical product managers and security engineers passionate about building highly scalable products. Your offensive security contributions will be critical to shaping our overall security and compliance strategy. 

You should apply if:

• You want to impact the industries that run our world: Your efforts will result in real-world impact—helping to keep the lights on, get food into grocery stores, reduce emissions, and, most importantly, ensure workers return home safely.
• You are the architect of your own career: If you put in the work, this role won’t be your last at Samsara. We set up our employees for success and have built a culture that encourages rapid career development and countless opportunities to experiment and master your craft in a hyper-growth environment.
• You’re energized by our opportunity: Our vision to digitize large sectors of the global economy requires your full focus and best efforts to bring forth creative, ambitious ideas for our customers.
• You want to be with the best: At Samsara, we win together, celebrate together and support each other. You will be surrounded by a high-caliber team that will encourage you to do your best. 

Click here to learn about what we value at Samsara. 

In this role, you will: 

• Propose and lead penetration testing plans and offensive security exercises for different components of the product stack. Prove and document the exploitation of high-complexity security issues.
• Conduct cloud penetration testing engagements to assess specific workloads (i.e., AWS, GCP, containers, or other PaaS and SaaS instances) for vulnerabilities and subsequently attempt to exploit identified weaknesses
• Design controls and improvements to sharpen our capabilities to defend against attackers in close cooperation with the teams responsible for implementing them.
• Document and present results to various target audiences, ranging from highly technical engineers over non-technical subject matter experts to executive leadership.
• Perform technical security assessments, code audits, design reviews, and Red team exercises.
• Contribute to developing tools and automation programs, security analysis, and testing automation projects.
• Champion, role model, and embed Samsara’s cultural principles (Focus on Customer Success, Build for the Long Term, Adopt a Growth Mindset, Be Inclusive, and Win as a Team) as we scale globally and across new offices

Minimum requirements for the role:

• Ability to scope engagements by clearly articulating various penetration approaches and methodologies to audiences ranging from highly technical to executive personnel
• Report generation that clearly communicates testing and assessment details, results, and remediation recommendations
• Significant (8+ years) experience working in offensive/red team security
• Willingness to collaborate and mentor security engineers via documentation writing, code pairing, and other activities.

An ideal candidate also has the following:

• Hands-on practical Offensive Cybersecurity certifications (Sec+, OSCP, OSWE, eJPT, Pentest+, eCPPT, eWPT, GIAC, etc.) or equivalent. 
• Cloud certifications (CCP, SAA, SAP, AWS Security Specialty, etc.) or equivalent. 
• Strong programming skills; GO, C++, C#, Java, and/or object-oriented programming.
• Embedded Linux experience a plus