Senior Penetration Tester

Fastly helps people stay better connected with the things they love. Fastly’s edge cloud platform enables customers to create great digital experiences quickly, securely, and reliably by processing, serving, and securing our customers’ applications as close to their end-users as possible — at the edge of the Internet. The platform is designed to take advantage of the modern internet, to be programmable, and to support agile software development. Fastly’s customers include many of the world’s most prominent companies, including Vimeo, Pinterest, The New York Times, and GitHub.

We're building a more trustworthy Internet. Come join us.

Senior Penetration Tester

Fastly is looking for an Offensive Security Engineer to join our Discovery and Advancement Team. This person will be responsible for leading penetration tests and security reviews for core Fastly applications and APIs. You will be responsible for discovering vulnerabilities at Fastly and have a consistent track record of doing this over your career. In addition to finding new bugs, you will be called upon to demonstrate your offensive security knowledge and penetration testing experience during Red Team exercises, with the goal of improving Fastly’s security posture and strengthening our security incident response program. 

This is a role which has a high impact on human lives. You will be supported by a friendly security team, where you can learn and develop. We check our egos at the door. You’ll make sure our customers benefit from services built to the highest security standards in the industry. We pride ourselves in our involvement in the larger security community and encourage our team to present at network and security conferences, submit to bug bounties and participate in the open source community. We are a distributed security team with the commitment and tools in place to make it work.

Work Location(s) & Travel Requirements:

Remote:

This position is a remote role and open to candidates residing in the following locations: Canada (Remote)

In a remote position, you may not reside within a commutable distance to a Fastly office.

This position may require travel approximately 2-4 times per year as requested by your manager.

What You'll Do

• Collaboratively plan, scope, prioritize, and execute offensive security engagements against Fastly applications and systems. 
• Integrate offensive security into security development lifecycle 
• Research, reproduce and respond to various security vulnerabilities reported to Fastly 
• Participate in purple-team exercises to improve efficacy of internal security programs 
• Apply and improve automated vulnerability discovery infrastructure, including continuous fuzzing
• Work Hours: 
  • Salaried Position / General Working Hours:This position will require you to be available during core business hours.

What We're Looking For

Basic Qualifications:

• Experience in identifying and exploiting vulnerabilities in web applications, client/server applications, and network infrastructure. 
• Experience performing network penetration tests including performing manual and automated scans, configuring and running scanning tools, and interpreting and writing up results
• Demonstrated ability to develop test approach and plan based on architecture review and considering application business purpose, data flows and interfaces/integrations with other systems.
• Experience in security assessment of networked systems and protocols.
• Experience in security assessment of emerging web protocol and technology development (network protocols, browser technology, etc.)
• Experience scoping and performing security assessments independently and in collaboration with key stakeholders 
• Experience with Linux based systems and production environments 
• Proven ability to work within a collaborative, cross-functional environment and mentor and develop the next generation of strong security engineers.
• Strong communication skills; proven ability to effectively communicate security risks
• High emotional intelligence. Fastly teams care about one another, collaborate regularly and are part of a people first organization

Preferred Qualifications:

• Experience with the x86/x64 low level architecture and the ability to conduct vulnerability research against applications compiled for that architecture using code-assisted discovery techniques
• Experience reviewing source code for control flow and security flaws
• Involvement in the open source community
• History of involvement in security organizations, events, and conferences

Benefits

We care about you. Fastly works hard to create a positive environment for our employees, and we think your life outside of work is important too. We support our teams with great benefits that start on the first day of your employment with Fastly. Curious about our offerings?

• We offer a comprehensive benefits package designed to meet your needs. Our offerings may vary depending on the country where you work and are subject to change.

Why Fastly?

• We have a huge impact. Fastly is a small company with a big reach. Not only do our customers have a tremendous user base, but we also support a growing number of open source projects and initiatives. Outside of code, employees are encouraged to share causes close to their heart with others so we can help lend a supportive hand.

• We love distributed teams. Fastly’s home-base is in San Francisco, but we have multiple offices and employees sprinkled around the globe. 

• We value diversity. Growing and maintaining our inclusive and diverse team matters to us. We are committed to being a company where our employees feel comfortable bringing their authentic selves to work and have the ability to be successful -- every day.

• We are passionate. Fastly is chock full of passionate people and we’re not ‘one size fits all’. Fastly employs authors, pilots, skiers, parents (of humans and animals), makeup geeks, coffee connoisseurs, and more. We love employees for who they are and what they are passionate about.

We’re always looking for humble, sharp, and creative folks to join the Fastly team. If you think you might be a fit please apply! A fully completed application and resume or CV are required when applying.

Fastly is committed to ensuring equal employment opportunity and to providing employees with a safe and welcoming work environment free of discrimination and harassment. Our employment decisions are based on business needs, job requirements and individual qualifications. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, family or parental status, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances.

Consistent with the Americans with Disabilities Act (ADA) and federal or state disability laws, Fastly will provide reasonable accommodations for applicants and employees with disabilities. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact your Recruiter, or the Fastly Employee Relations team at [email protected] or 855-448-2596. 

Fastly collects and processes personal data submitted by job applicants in accordance with our Privacy Policy. Please see our privacy notice for job applicants.