Olo is hiring a
Senior Penetration Tester in Worldwide

Summary

The job is for a Senior Security/Penetration Tester at Olo. The role involves various security tasks such as penetration testing, design and code reviews, and working with engineers to build security. The position is remote or based in NYC. Required qualifications include 5+ years of experience in Penetration Testing, Red Team or Application Security, scripting and development languages proficiency, knowledge of attack tools, cyber security standards, secure development frameworks, bypassing and tuning security technologies, AWS security best practices, and Infrastructure-as-Code.

Requirements

• 5+ years of experience in Penetration Testing, Red Team or Application Security experience
• Experience with scripting and development languages (ie. Python, PowerShell, JavaScript, C#, or F#)
• Proficient in common attack tools, vulnerability assessment and static inspection tools
• Knowledge of information technology, evolving threats, attack patterns, incident response and cyber security standards
• Experience using secure development frameworks (ie. OWASP Top 10, SANS Top 25 and Microsoft SDL)
• Proficient in bypassing and tuning security technologies (ie. Anti-Malware, IDS, DLP, FIM, Firewalls, SIEM, MFA, Web Proxies and WAF)
• Familiarity with AWS security best practices and Infrastructure-as-Code

Responsibilities

• Penetration testing of web applications, native apps, and other systems
• Design and code reviews of new systems and features
• Coach and work with engineers to build security and privacy by design
• Provide team members with concise, well-written penetration reports
• Coordinate and track penetration testing and vulnerability assessment remediations
• Conduct Red Team exercises to evaluate and improve processes and technologies
• Perform application design, threat detection, incident response, patching, vulnerability remediation, secure development training, and user training
• Partner with Blue Team daily to manage risk as threats evolve
• Work with PCI and SOC auditors to ensure security policies are understood and complied with

Benefits

• 20 days of paid time off
• 10 separate sick days
• 11 holidays plus year-end closure
• Health, dental and vision coverage for yourself and your family
• 401k match
• Remote-office stipend
• Company equity
• Generous parental leave plan
• Volunteer time off
• Gift matching policy