Job Description:

You are responsible for:

• Performing comprehensive security testing that includes the identification, reporting, and
• recommendations for identified vulnerabilities.
• Conducting attack surface reviews and recommending layered defenses to prevent exploits, detect
• and intercept attacks, and discover threat agents.
• Performing complex security test data analysis in support of security vulnerability assessment
• processes, including root cause analysis.
• Performing security research on known and unknown vulnerabilities.
• Implementing processes, capabilities, and techniques for security testing.
• You will be responsible for monitoring external vulnerability disclosure and threat intelligence
• sources to identify and triage new system vulnerabilities and cyber threats targeting VMware.
• Serving as an escalation point on issues, dependencies, and risks related to security testing.
• You will contribute directly to the strategic direction for vulnerability management and security
• testing capabilities at VMware.
• Supporting compliance and risk management activities, recommending security controls and
• corrective actions to mitigate vulnerability risks.
• Providing technical expertise for VMware information security policies and standards.

Required Skills:

• 8 years of demonstrated experience in penetration testing.
• Strong understanding of security testing practices and methodologies.
• Extensive experience using security testing and analysis tools (Metasploit, Burp Suite, Kali,
• Wireshark, Nmap, AppCheck, Fortify).
• Experience using common vulnerability scanning tools (Nessus, Qualys, AppScan, etc).
• Experience with cloud computing and security issues related to cloud environments.
• Experience conducting security testing for cloud services (Amazon Web Services, Microsoft Azure,
• Google Cloud Platform).
• Demonstrated knowledge of common vulnerability frameworks (CVSS, OWASP Top 10).
• Expert knowledge of system, application, and database hardening techniques and practices.
• Experience with security source code review and development experience in C/C++, Java, Python.
• Authoritative technical knowledge of Internet security and networking protocols.
• Experience with software development.
• Scripting skills such as Python, Perl, Shell, Bash.
• Strong analytical skills and ability to identify advanced threats.
• Ability to communicate effectively at all levels of an organization, across diverse cultural and
  linguistic barriers, and among a geographically distributed team.
• Ability to collaborate effectively as part of a team and work independently with minimal supervision.
• Ability to quickly adapt as the external environment and organization evolves.
• Ability to rapidly adjust to new challenges and changes in priority.
• Self-motivated, collaborative, and detail oriented.
• Positive and constructive attitude.
• Ability to prioritize projects and operational workload.
• Excellent written and verbal communications.
• Availability outside working hours for high priority events.
• Some travel required.

Preferred Skills

• Bachelor’s degree or equivalent experience.
• Certifications such as OSCP, OSCE, GPEN, CEH, CISSP