Application Security (Pen Test) Engineer
At Palo Alto Networks® everything starts and ends with our mission: protecting our way of life in the digital age by preventing successful cyberattacks. It’s not a small goal. It isn’t simple either, but we aren’t in this for the easy answer. As a company with a foundation in challenging the way things are done, we’re looking for innovators with a dedication to THE best. In return, your career will have a tangible impact - one that's working toward technology that affects every level of society.
Our mission doesn’t happen by treading softly. It happens by defining an industry. It means building products that haven't been thought of. It means selling products with a solutions mindset. It means supporting the infrastructure of a company that moves at an incredible speed…intentionally…to stay ahead of the world’s next cyber threat.
Think about it, security for an information security company. Working at a high-tech cyber-security company within Information Security team is a once in a lifetime opportunity. You’ll be joined with the brightest minds in technology, our global teams on the front line of defense against cyber attacks. We’re joined by one mission – but driven by the impact of that mission and what it means to protect our way of life in the digital age. Join a dynamic and fast-paced team that feels excitement at the prospect of a challenge and feels a thrill at resolving security gaps that inhibit our privacy.
Our Information Security Operations team is looking for an Application Security Engineer who thrives in a fast paced environment where energy, drive, and collaboration are the only way to succeed. In this role, you will work closely with members of the Product, Engineering and Information Technology teams to improve the security of both internal and customer facing services.
- Efficiently scoping blackbox, whitebox, and graybox assessments to optimize security review time and resources
- Managing third-party penetration testing engagements and driving remediation efforts
- Triaging security issues reported by external researchers or found through automated security tools
- Communicating risks to engineering staff through training and technical demonstration of vulnerabilities
- Tracking and validating issues detected during internal and external (third-party) reviews
- Performing technical security assessments on our web applications and internal services
- Seeking out opportunities to automate processes where appropriate
- Scaling the application security program while ensuring both quality and coverage of critical applications and services
- You think about your job as not just finding and fixing bugs but finding effective ways to eliminate them
- 1 – 2 years of experience in penetration testing, application security or product security roles
- Good understanding of web application architecture and design principles
- Familiarity with common web application testing tools for DAST, SAST, and IAST analysis such as Burp Suite, AppScan, Checkmarx
- Organizational skills to bring together and record detailed and accurate information about bugs and systemic issues
- Communicate with empathy when delivering constructive feedback regarding security matters to engineers and product designers
- Bachelor’s degree in Computer Science, Engineering or a related field, or equivalent training, fellowship, or work experience
- Bachelor's degree from four-year college or university; or equivalent training, education, and experience in information / cyber security, computer systems, IT, etc.
Think about it, security for an information security company. Working at a high-tech cybersecurity company within the Information Security team is a once in a lifetime opportunity. You’ll be joined with the brightest minds in technology, our global teams on the front line of defense against cyberattacks. We’re joined by one mission – but driven by the impact of that mission and what it means to protect our way of life in the digital age. Join a dynamic and fast-paced team that feels excitement at the prospect of a challenge and feels a thrill at resolving security gaps that inhibit our privacy.