Penetration Tester

Technology Las Vegas, Nevada

Zapponian [noun|employee of Zappos]. You are self-motivated. You think like an entrepreneur, constantly innovating and driving positive change, but more importantly, you consistently deliver mind-boggling results.

Bold [adjective|not afraid of anything]. A role at Zappos is an opportunity to be a part of something different. To go bold. We’re a company that isn’t afraid to take risks and question the status quo. Oh yeah, we like to have fun too.

Perks [noun|the good stuff you get for working hard]. Zappos pays 100% of your medical, dental and vision premiums. Primary care visits, dental exams, eye exams and generic prescriptions are all free. Plus matching 401k, life coaches, orthodontic benefits, and more. And don’t forget, an unlimited 40% discount.

1990s [noun|a decade we love, but no longer live in]. Old school cover letters are so 1990. Want to show us who you really are? Create a video cover letter. A flash mob, a comedic monologue… whatever showcases your passion for Zappos and the work you’d be doing! Videos are not required, but if you create it, we’ll watch it.

Scout [noun|you're a recruiter, too]. As a Zapponian, we’ll ask that you always keep your eye out for great talent to join our family. Consider yourself an extension of the recruiting team, scouting for the best people to grow our company.

We are currently seeking a Penetration Tester to join our Security Risk Assessment Team. The ideal candidate will possess a deep understanding of attack surfaces in modern applications and operating systems. Candidates must demonstrate the ability to analyze closed source applications using several off-the-shelf or custom developed tools. Additionally, the ideal candidate will be able to demonstrate exceptional organizational skills, work efficiently under minimal supervision, be able to deliver results that meet or exceed expectations, be a strong team player, and actively participate in a fast-paced and challenging global environment.

What you’d be doing:

  • Discovers and exploits vulnerabilities affecting Zappos/Amazon infrastructure.
  • Develops and maintains tools to assist in vulnerability research and exploit development.
  • Communicates information security procedures to the business.
  • Escalates issues to vendors, security team, and engineering through standard escalation processes.
  • Provides technical expertise and advice on all areas of security technology, including: network security, platform security, authentication/authorization systems, application security, security architecture, policy enforcement, and security frameworks.
  • Integrates information security controls into an environment to identify risks and reduce impact.
  • Participates in, or works directly on, additional projects, assignments or initiatives as required.

What you’d bring to the table:

  • 3+ years of Information Security experience.
  • 2+ years direct or equivalent experience in areas of penetration testing, exploit development, vulnerability research and fuzzing.
  • Extensive knowledge of MITRE ATT&CK Framework.
  • Experience performing host, network, and web application penetration tests.
  • Scripting experience with the ability to develop custom scripts, exploits, and tools.
  • Experience with common penetration testing tools.
  • Experience developing detailed penetration testing reports that can speak to multiple audience types.

Preferred experience that really excites us:

  • Bachelor of Science in Computer Science, Computer Engineering, or Electrical Engineering or a related technical field or equivalent professional experience.
  • Experience programming in x86/x64 assembly, C, C++, and Python (or a comparable scripting language).
  • Familiar with the Metasploit framework.
  • Source code review for control flow and security flaws.
  • Possess excellent communication skills in English, both written and verbal.
  • Excellent problem-solving skills with the ability to diagnose and troubleshoot technical issues.
  • Experience with AWS technologies and services (e.g. S3, Lambda, EC2, KMS, IAM).
  • Experience with penetration testing, red teams, CTF (Capture The Flag), or bug bounties.
  • Experience with penetration testing tools.
  • Experience with multiple programming languages.
  • OSCP, OSCE, GPEN, GXPN, or relevant industry certification.

Please limit to 2 applications.

The Zappos Family of Companies is committed to Equal Employment Opportunity regardless of race, color, national origin, gender, sexual orientation, age, religion, veteran status, disability, history of disability or perceived disability. If you need assistance or an accommodation due to a disability, you may email us at or call us at 1.702.943.7777.

To all recruitment agencies: We do not accept unsolicited agency resumes and are not responsible for any fees related to unsolicited resumes.