Red Team Specialist
Honey is helping millions save money on a daily basis and we're growing! As we grow security becomes more and more important for us and our customers.
As a Red Team Specialist at Honey, you will have the opportunity to break the cool things we build, and shape the direction the security program takes as a whole. Your focus will be Red Team engagements and everything from what our users see to Honey offices are in scope.
Although Honey is a collaborative environment, this position is for a highly autonomous security expert who is excited about learning new technologies.
- Perform comprehensive, cyber security engagements on all Honey attack surfaces, from the office to the Cloud, while avoiding detection.
- Manually assess the security posture of our Extension, Web and Mobile clients.
- Evaluate and leverage automated tools that perform security assessments.
- Evaluate the security posture of third-party integrations and partnerships.
- Translate red team engagement findings into actionable items for both technical and executive audiences.
- Create POC’s for vulnerabilities found in Honey.
- Create technically flexible remediation strategies for vulnerabilities.
- Work with the security development team to automate security assessments.
- Research previously unknown vulnerabilities in Honey’s infrastructure.
- Lead threat modeling and tabletop exercises.
- Evaluate and contribute to Honey’s overall security strategy.
- Assist with forensics, incident response and reverse engineering.
- Deploy security assessment and monitoring tools.
- Lead secure code trainings.
- Integrate security tools in the CI/CD and SDLC processes.
- Develop and/or extend scripts to enhance Honey’s security assessment tools and processes.
- Assist with the Security Operations Center.
- 3+ years of Red Team experience.
- Possess a high level of proficiency in web, browser and mobile security.
- Possess a high level of proficiency in the penetration testing process.
- Strong understanding of system and application vulnerability classes.
- Well rounded knowledge in security tools, software and processes.
- Knowledge in identity access, access control, network/host intrusion detection, intrusion prevention and patch management tools.
- Knowledge of Cloud, Containers and Container Orchestration tools.
- Or be comfortable and motivated to learn these technologies and their attack surfaces.
- Proficiency in one or more scripting languages: Perl, Python, Powershell, Ruby, etc.
- Knowledge of regulatory security frameworks.
- Ability to write clearly and concisely for both technical and executive audiences.
Honey is an equal opportunity employer. We are committed to building a diverse and inclusive company. We do not discriminate on the basis of race, religion, color, national origin, gender, gender identity, sexual orientation, age, marital status, veteran status, disability status or genetic information, in compliance with applicable federal, state and local law.