Velocity Staff

Offensive Privacy Tester

Location US-KS-Leawood
Posted Date 2 months ago(9/19/2024 7:05 AM)
# Positions
5

Overview

Offensive Privacy Tester
We are looking for an experienced Offensive Privacy Engineer. In this role, you will conduct offensive privacy testing and identify vulnerabilities and/or misconfiguration to enhance the security and privacy of our systems and applications. Your efforts will ensure the protection of our users' data against potential threats, comply with applicable laws/regulations/commitments and reduce attack paths within the USDS environment.

 

Responsibilities

Responsibilities:
• Lead comprehensive privacy-focused penetration tests and/or emulate adversary-like behavior/operations on our infrastructure, application, products and services.
• Perform deep technical, hands-on offensive privacy testing to identify and exploit privacy and security weaknesses.
• Contribute to the creation of a testing framework to methodically test safeguards being designed and implemented
• Design and execute advanced testing methodologies specifically targeting privacy vulnerabilities.
• Develop detailed reports on findings, including actionable remediation recommendations.
• Work closely with XFN teams to address and remediate identified vulnerabilities.
• Communicate findings effectively to technical and non-technical stakeholders.
• Advocate for best practices in privacy and data protection, ensuring compliance with relevant privacy regulations (e.g., GDPR, CCPA).
• Stay updated on the latest privacy threats and integrate new findings into the testing program.
• Build and implement security testing tools and technologies to enhance privacy testing capabilities and promote automation.
• Continuously improve team processes and methodologies for better testing outcomes.

Qualifications

Qualifications
• Bachelor’s degree in Computer Science, Information Security, or a related field. Advanced degrees or equivalent professional experience are preferred.
• 4+ years of experience in offensive security testing, with a strong focus on privacy vulnerabilities.
• Proven experience in penetration testing, red teaming, and vulnerability assessments, particularly in privacy contexts.
• Relevant security certifications such as OSCP, OSEP, OSWA, OSWE, OWSE, OSED, GPEN, GXPN, GWAPT, GMOB, BSCP etc.
• Hands on technical experience in web, mobile and infrastructure penetration testing with tools like Burp Suite Pro, SQLMap, Frida, Objection, Android Studio, XCode, MobSF, Drozer
• Experience with conducting reverse engineering on mobile applications, including applications with anti-emulator and obfuscation protections
• Familiarity and experience working with frameworks like MITRE ATT&CK/D3FEND, NIST, CCPA, COPPA, OECS, ISO etc.
• Proven hands-on experience with programming and scripting languages (e.g., C/C++, C#, Python, Golang, JS).
Preferred Qualifications:
• Experience with automation, big data and relational databases.
• Contributions to the privacy or security community through research, publications, or participation in bug bounty programs.
• Relevant industry certifications (e.g., CIPP, CIPT, CIPM)

 

Options

Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed

Connect With Us And We Promise Not To Overwhelm Your Inbox!

Not ready to apply? Connect with us to learn about future opportunities.