Penetration tester

The Information Security organization advances the overall state of security at Rubrik through purposeful initiatives and coordination of large security projects. Information Security builds technologies, tools, and processes to better enable teams at Rubrik to develop secure software and protect data and systems with appropriate security controls. Information Security also develops systems to monitor and respond to attacks against our systems, provides awareness education to teams on security best practices for data protection, and ensures data sharing relationships with third parties in order to securely protect Rubrik information.

Rubrik is seeking a passionate and motivated Penetration Testing Engineer to join our Information Security team. In this role, you will work to simulate real-world attack scenarios to identify vulnerabilities, evaluate security posture, and develop methods to defend against attacks. The successful candidate will be technically savvy, customer-oriented, results-driven, and passionate about security. You will partner with the vulnerability management engineers, Engineering, IT and other internal stakeholders to enhance Rubrik’s overall security posture.

• Design and execute real-world attack scenarios by replicating the tactics, techniques and procedures (TTPs) of threat actors and highlight gaps impacting Rubrik’s products and enterprise security posture.
• Assist with the planning, execution, and reporting of penetration tests on Rubrik’s products, services, and internal systems.
• Develop and refine exploitation techniques consistently to conduct penetration testing exercises successfully.
• Deliver detailed reports of technical findings to stakeholders and assist with the development of mitigation plans.
• Assist in security investigations, root-cause analysis and corrective measures as required.
• Coordinate with the security researcher community in reviewing the identified vulnerabilities and drive the issues to closure.
• Drive vulnerabilities to closure within the established SLAs. Navigate escalations when necessary to raise visibility into risk and drive the risk down when SLAs are not met.
• Collaborate with the senior security team members to identify areas for improvement in security posture.
• Contribute to the continuous improvement of Rubrik’s penetration testing framework and processes.
• Help develop and maintain testing documentation, including methodologies, procedures, and post-engagement reports.
• Track and monitor penetration testing metrics to scale the pentest program and continuously improve the coverage and depth of penetration testing.
• Stay updated with emerging security threats, innovative defense measures, and industry trends to recommend improvements proactively.

• Bachelor’s degree required; BE/BTech or MS in Computer Science, Information Technology, or related field
• 2-4 years of hands-on experience in penetration testing, red team, vulnerability exploitation, product security and/or cloud security roles
• Ability to perform targeted cyberattacks with or without the use of automated tools such as (e.g., Burp Suite, Metasploit, Nmap, Wireshark, etc.).
• Experience in system internals (windows, linux) and cloud security (AWS, Azure, GCP)
• In-depth knowledge of exploit frameworks, obfuscation/evasion techniques, application security, IDS/IPS and web proxies 
• Strong understanding of security best practices and frameworks (OWASP Top 10, NIST, CIS).
• Demonstrated programming skills in one or more of: Python, Perl, Ruby, Java
• IT security certifications (OSCP, OSCE, GPEN, GWAPT, GXPN) is a plus
• Strong analytical and problem-solving skills.
• Ability to work independently as well as part of a team in a fast-paced environment.
• Excellent verbal and written communication skills