VMware Sr. Offensive Security Engineer - Opportunity for Working Remotely in Helena, Montana
The VMware Engineering Services team ensures our internal and external customers enjoy a high-quality experience across the entire product portfolio. Our goal is to provide compelling, innovative, scalable, and seamless engineering services, which will protect VMware’s brand reputation by continually improving customer satisfaction.
We bring together key R&D functions such as build, performance, security, developer tools, and more. We work hand-in-hand with development teams to focus on product innovation and industry-leading solutions.
Our priorities include investing in R&D talent, sharing best practices, and driving scale and agility in VMware products.
Role and Responsibility
VMware products and services are used by many companies big and small and yet mission critical systems of the highest confidentiality and extreme interest to nation state actors are almost always VMware.
Security Engineers on this team are responsible for finding new vulnerabilities and analyzing externally reported vulnerabilities, developing exploits, utilizing exploit kits, providing vulnerability mitigations, virtual patches and workarounds, act as the technical reviewers for external security communications such as VMware Security Advisories, security response engineering and tools development.
Perform red team analysis of VMware products and cloud services. These are mostly software defined compute/network/storage, cloud security, end-user and cloud-native solutions.
Perform assumed breach and blast radius exercises and compose readiness plans
Enable Models for SOC to detect similar family of techniques
Make entire kill-chain understandable for an engineering audience (Principal Engineers and SREs) as well as Security Response
Methodically create/execute test plans and automate your efforts
Guide VMware Product Security, Threat Modeling and SOC on offensive security thinking
Deep understanding of MITRE ATT&CK framework, TTPs, OWASP top-10, SANS top-25
Understanding of Cloud and Cloud-native Architectures will greatly help (e.g., SDDC, SDN, Software-defined Storage, Containers and K8s)
Hands-on experience with various clouds like AWS, Azure, GCP
Abilities in one or more stages of initial compromise, privilege escalation, lateral movement and exfiltration while maintaining stealth
Expertise in tools like - Burpsuite , Zed Proxy, Metasploit, nmap, wireshark, Kali, Libfuzz, AFL, Encase
Understanding of forensic analysis, defensive techniques and reverse engineering are a plus
This role is fully remote and can be done anywhere in United States.
This job may require the candidate to comply with travel restrictions and/or work from a facility that requires full vaccination prior to entry. Further, depending on various factors, including legal challenges to the Executive Order on Ensuring Adequate COVID Safety Protocols for Federal Contractors, VMware may require employees to be fully vaccinated effective January 18, 2022.
Category : Engineering and Technology
Subcategory: Software Engineering
Experience: Manager and Professional
Full Time/ Part Time: Full Time
Posted Date: 2021-09-16
VMware Company Overview: At VMware, we believe that software has the power to unlock new opportunities for people and our planet. We look beyond the barriers of compromise to engineer new ways to make technologies work together seamlessly. Our cloud, mobility, and security software form a flexible, consistent digital foundation for securely delivering the apps, services and experiences that are transforming business innovation around the globe. At the core of what we do are our people who deeply value execution, passion, integrity, customers, and community. Shape what’s possible today at http://careers.vmware.com.
Equal Employment Opportunity Statement: VMware is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: VMware is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at VMware are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. VMware will not tolerate discrimination or harassment based on any of these characteristics. VMware encourages applicants of all ages. Vmware will provide reasonable accommodation to employees who have protected disabilities consistent with local law.