Job Information
Pitney Bowes Penetration Tester in Pune, India
At Pitney Bowes, we do the right thing, the right way. As a member of our team, you can too.
We have amazing people who are the driving force, the inspiration and foundation of our company. Our thriving culture can be broken down into four components: Client. Team. Win. Innovate.
We actively look for prospects who:
• Are passionate about client success.
• Enjoy collaborating with others.
• Strive to exceed expectations.
• Move boldly in the quest for superior and best in market solutions.
Job Description:
Join Pitney Bowes as a Senior Penetration Tester – Red Team
Years of experience: 10 + years
Job Location – Pune
Impact
Pitney Bowes Information Security is looking for a highly motivated, experienced, and skilled specialist to join the Red team. The security testing team protects Pitney Bowes’s data, and brand by identifying vulnerabilities and threats to our organization through the use of pen testing, red teaming and simulated cyber security attacks.
This is a key member of the Security Testing team, and will lead efforts in planning, developing, and executing pen tests and adversarial exercises against our networks, systems, applications, and users. The Senior Tester will work with internal and external groups to lead communications around risks identified throughout Pitney Bowes’s environment. This role will make a difference by working with Pitney Bowes’s defenders (Purple Teaming) to secure our organization against current and emerging threats.
The ideal candidate will have advanced experience performing penetration tests against systems, applications, and networks, and working with stakeholders to communicate the impact of identified vulnerabilities and recommending remediation plans.
The Job
This is a key member of the Advanced Security Testing team, and will lead efforts in planning, developing, and executing adversarial exercises against our networks, systems, applications, and users
The Senior Tester will work with internal and external groups to lead communications around risks identified throughout Pitney Bowes environment.
This role will make a difference by working with Pitney Bowes defenders (purple teaming) to secure our organization against current and emerging threats
Provide leadership on the latest critical information security vulnerabilities, threats, and exploits, as they apply within the Pitney Bowes environment.
Develop and implement red team methodology to assess risk within Pitney Bowes networks, systems, applications, and users
Perform advanced technical penetration testing exercises (announced and covert) to identify weaknesses in Pitney Bowes environment and monitoring/response programs
Assist in the management and development of command and control (C2) infrastructure
Develop and deliver high-quality reporting to communicate technical findings to stakeholders, including developers, architects, and managers
Provide leadership on exploits, techniques, and countermeasures to members of the Information Security team, including Pitney Bowes SOC and junior team staff members
Identify enhancements to tools, standards, and processes; provide input into policies and procedures, and contribute to the implementation and refinement of the strategy for the Information Security program
Perform web and IOT application security assessments, as needed including tasks such as:
Performing security assessments for Pitney Bowes applications across the enterprise
Static & dynamic application security testing and/or penetration testing of applications
Auditing results of security assessments with development and/or security teams and offering plans for remediation of vulnerabilities
Qualifications & Skills required
Bachelor’s degree and 10 years’ experience with direct enterprise-level red team and/or penetration testing experience
Hands-on experience with manual vulnerability testing, exploit development, and static code analysis, using commercial and open-source tools
Hands-on experience with command and control (C2) best practices, infrastructure, beacon deployment and management.
The ideal candidate should have experience with security protocols and/or technologies such as REST APIs, Burp Suite /ZAP, Kali Linux, Nmap, Metasploit, Powersploit, Lolbins etc.
Candidate must understand security controls such as authentication, authorization, access control, cryptography, and network protocols along with security standards and frameworks including Mitre ATT&CK
The candidate should be able to automate tasks in Python, bash, Java, Terraform etc.
Have a strong understanding of attacks in AWS, OAuth etc.
Have experience using secure development frameworks (i.e. OWASP Top 10, SANS Top 25 and Microsoft SDL).
Nice to have - You are proficient in bypassing and tuning security technologies (i.e. Anti-Malware, IDS, DLP, FIM, Firewalls, SIEM, MFA, Web Proxies and WAF).
Adept at communicating concepts to diverse audiences with varying skill sets
Relevant certifications such as OSCP, OSWP, GPEN are strongly preferred
Strong Knowledge of the following:
Operating systems (including Windows, Linux, Unix, and MacOS)
Networking fundamentals and technologies like Zero Trust a big plus
Cloud security a big plus
Application architectures and technologies
Penetration testing techniques and tactics, including reconnaissance, initial access, persistence, lateral movement, collection, and exfiltration.
About Pitney Bowes
Pitney Bowes (NYSE:PBI) is a global technology company providing commerce solutions that power billions of transactions. Clients around the world, including 90 percent of the Fortune 500, rely on the accuracy and precision delivered by Pitney Bowes solutions, analytics, and APIs in the areas of ecommerce fulfillment, shipping and returns; cross-border ecommerce; office mailing and shipping; presort services; and financing. For 100 years Pitney Bowes has been innovating and delivering technologies that remove the complexity of getting commerce transactions precisely right. For additional information visit Pitney Bowes at https://www.pitneybowes.com/in .
Only Talent Matters at Pitney Bowes
Pitney Bowes is an equal opportunity workplace. To remove unconscious biases from our hiring process, we encourage ‘Blind Applications’ from candidates applying for jobs at Pitney Bowes. This means that details such as gender, caste, religion, nationality, and age are omitted from applications. And candidates can choose to reveal only their first or last name on the application.
Watch the video here: https://www.youtube.com/watch?v=dNB-K5KFU78
Watch the videos below for more information about Life at Pitney Bowes:
Who we are (https://www.youtube.com/watch?v=DDHx_0OV6D4&list=PL06B89F1DD8A5475A)
Pitney Bowes All Stars
Pitney Bowes named a Great Place to Work ®
Pitney Bowes Gratitude Video (https://www.youtube.com/watch?v=mbCW_yZyyfY)
Pitney Bowes COVID Care
We will:
• Provide the will: opportunity to grow and develop your career
• Offer an inclusive environment that encourages diverse perspectives and ideas
• Deliver challenging and unique opportunities to contribute to the success of a transforming organization
• Offer comprehensive benefits globally ( P B Live Well )
Pitney Bowes is an equal opportunity employer that values diversity and inclusiveness in the workplace.
All interested individuals must apply online.
Pitney Bowes is an Equal Employment Opportunity/Affirmative Action Employer that values diversity and inclusiveness in the workplace.
Women/Men/Veterans/Individuals with Disabilities/LGBTQ are encouraged to apply.
All interested individuals must apply online. Individuals with disabilities who cannot apply via our online application should refer to the alternate application options via our Individuals with Disabilities link.