Overview

Mailchimp is a leading marketing platform for small businesses. We empower millions of customers around the world to build their brands and grow their companies with a suite of marketing automation, multichannel campaigns, CRM, and analytics tools. Mailchimp’s Security Engineering team is looking for a passionate, self-motivated Senior Offensive Security Engineer to be responsible for performing regular and proactive tests against Mailchimp’s applications and code. A person in this role will lead different initiatives requiring cross-team collaboration and great communication skills. As a member of the Offensive Security team you will be exposed to multiple different technologies and presented with various learning opportunities to expand your knowledge base. In addition to that the Senior Penetration Tester will lead, mentor, and grow junior team members.

A great candidate for this role is someone who likes representing their team, fostering and forming relationships, leading different initiatives and projects, mentoring fellow team members.

What you'll bring

• Experience performing offensive security tests against APIs, web and mobile applications.

• Extensive knowledge exploiting OWASP Top 10.

• Experience using offensive security tools such as Burp Suite, Nmap etc.

• Ability to translate technical concepts to non-technical audiences.

• Demonstrated experience mentoring junior team members.

• Nice-to-have qualifications:

• Industry recognized certification (OSCP, GWAPT, GPEN or similar).

• Experience in Cloud security testing.

Nice-to-have qualifications:

• Industry recognized certification (OSCP, GWAPT, GPEN or similar).

• Experience in Cloud security testing

How you will lead

• Lead and perform offensive security tests per defined cadence on one or more of the following products: web applications, mobile applications, APIs, internal and external networks.

• Participate in the Vulnerability Management Program by triaging findings and validating fixes (sources include bug bounty, responsible disclosure, and similar programs).

• Engage with different audiences across the organization to help articulate the testing process, help interpret the findings, and help make technical decisions.

• Develop new techniques to identify vulnerabilities in new products and help improve them.

• Perform application architecture reviews, evaluate risks, and act as a technical advisor.

• Participate in an on-call rotation for security incidents and assist in incident response processes.

• Lead different initiatives, mentor junior members of the team.

EOE AA M/F/Vet/Disability. Intuit will consider for employment qualified applicants with criminal histories in a manner consistent with requirements of local law.