Honey is a fast-growing startup based in Los Angeles. Our online shopping platform offers users a smarter way to shop. Through a simple browser extension, we open up instant access to exclusive savings, deals, rewards and discovery, all powered by the collective knowledge of Honey’s community of online shoppers. We are helping millions save when they shop online, and we're hiring! We are actively seeking a Cybersecurity PenTester to join the Engineering Team in our Los Angeles office.

About The Team:

Our team has the opportunity to break the cool things we build, and shape the direction the security program takes as a whole. Our focus is everything from what our users see to Honey offices are in scope. Although Honey is a collaborative environment, this position is for a highly autonomous security expert who is excited about learning new technologies.

About The Role:

As a PenTester at Honey, you will have the opportunity to break the cool things we build, and shape the direction the security program takes as a whole. Your focus will be Full-Stack Penetration Testing and everything from what our users see to the Honey offices are in scope.

What You'll Do:

As a Cybersecurity PenTester at Honey, you will:

• Perform comprehensive, cyber security engagements on all Honey attack surfaces, from the office to the Cloud, while avoiding detection
• Manually assess the security posture of our Extension, Web and Mobile clients
• Evaluate and leverage automated tools that perform security assessments
• Evaluate the security posture of third-party integrations and partnerships
• Translate red team engagement findings into actionable items for both technical and executive audiences
• Create POCs for vulnerabilities found in Honey
• Create technically flexible remediation strategies for vulnerabilities
• Work with the security development team to automate security assessments
• Research previously unknown vulnerabilities in Honey’s infrastructure
• Lead threat modeling and tabletop exercises
• Evaluate and contribute to Honey’s overall security strategy

Secondary Responsibilities

• Assist with forensics, incident response and reverse engineering
• Deploy security assessment and monitoring tools
• Lead secure code trainings
• Integrate security tools in the CI/CD and SDLC processes
• Develop and/or extend scripts to enhance Honey’s security assessment tools and processes
• Assist with the Security Operations Center

 About You:

• 3+ years of Security experience
• Possess a high level of proficiency in web, browser and mobile security
• Possess a high level of proficiency in the penetration testing process
• Strong understanding of system and application vulnerability classes
• Well rounded knowledge in security tools, software and processes
• Knowledge in identity access, access control, network/host intrusion detection, intrusion prevention and patch management tools
• Knowledge of Cloud, Containers and Container Orchestration tools
• Proficiency in one or more scripting languages: Perl, Python, Powershell, Ruby, etc.
• Knowledge of regulatory security frameworks
• Ability to write clearly and concisely for both technical and executive audiences

At Honey, we are committed to building a diverse and inclusive company. We seek to create a culture where everyone can belong because we believe that people do their best work when they can show up every day as their authentic selves. We welcome people of different backgrounds, experiences, abilities, and perspectives.

Honey is an equal opportunity employer. We do not make hiring or employment decisions on the basis of race, religion, color, national origin, gender, gender identity, sexual orientation, age, marital status, veteran status, disability status or genetic information, in compliance with applicable federal, state and local law.