ZoomInfo

At ZoomInfo, we encourage creativity, value innovation, demand teamwork, expect accountability and cherish results. We value your take charge, take initiative, get stuff done attitude and will help you unlock your growth potential. One great choice can change everything. Thrive with us at ZoomInfo.

We are looking for a successful Web Application and Cloud Penetration Tester at ZoomInfo who should possess a deep understanding of both information security and computer science. You should understand concepts such as API scanning, Fuzzing, Remote Code Execution, Broken Access Control, cloud networking, identity and access management, console, applications, functions, other functionality and be able to learn advanced concepts such as application manipulation, exploit development, and stealth-focused operations. A typical job could be breaking into a frontend/backend/management application hosted in the cloud, lateral movement within the cloud environment, accessing sensitive information or compromising the environment, all without being detected. 

As Penetration Tester at Zoominfo:

• You’ll be part of the security team of one of the world’s largest and fastly growing SaaS companies.
• You’ll be running penetration testing for high complex multi cloud, micro services, big data environment.
• You’ll be running penetration testing for cutting edge technologies involving cloud (multi cloud - AWS and GCP) , AI, BigData, Machine Learning and more.
• You’ll work with engineers across the globe, providing them security feedback on their deliverables and helping them to do their job in a secure manner.
• You’ll be part of a global team of security experts in the US and Israel.

Responsibilities:

• Perform cloud and web/mobile application penetration testing, remediation activities, and threat analysis assessments
• Effectively communicate findings to relevant stakeholders.
• Recognize and safely utilize attacker tools, tactics, and hacking techniques.
• Develop scripts, tools, or methodologies to enhance ZoomInfo’s red teaming processes in scale.

Requirements:

1-2 years experience in the following:

• GCP, AWS or Kubernetes 
• Strong knowledge of Cloud hosted applications, Storage containers, Databases, Functions, Logging, APIs, etc. 
• Cloud penetration testing and manipulation of web applications and cloud infrastructure
• Application architecture design and code review
• Thorough understanding of network protocols, data on the wire, and covert channels

5-7 years experience in the following:

• Shell scripting or automation of simple tasks using Python or nodeJS
• Developing, extending, or modifying exploits or exploit tools
• Function code review for control flow and security flaws
• Strong knowledge of tools used for cloud and web application security testing
• Deep knowledge of Java, Javascript
• Web and mobile penetration testing while most of the time focused on assessing cloud environments, both public or private ones.

Desirable Qualifications:

• Ability to successfully interface with key internal stakeholders
• Ability to document and explain technical details in a concise, understandable manner
• Security Architecture experience
• Incident Response/Incident Remediation experience 
• Knowledge of CI/CD products, such as Jenkins, Gitlab CI/CD, bitbucket CI/CD and GCP Cloud Build 
• Knowledge of tools such as Terraform integrated with cloud-based CI/CD products 
• OSWE/OSCP/CCSP/CISSP certifications

About us: 

ZoomInfo (NASDAQ: ZI) is the trusted go-to-market platform for businesses to find, acquire, and grow their customers. It delivers accurate, real-time data, insights, and technology to more than 35,000 companies worldwide. Businesses use ZoomInfo to increase efficiency, consolidate technology stacks, and align their sales and marketing teams — all in one platform. 

ZoomInfo may use a software-based assessment as part of the recruitment process. More information about this tool, including the results of the most recent bias audit, is available here.

ZoomInfo is proud to be an Equal Opportunity employer. We are committed to equal employment opportunities for applicants and employees regardless of sex, race, age, color, national origin, sexual orientation, gender identity, marital status, disability status, religion, protected military or veteran status, medical condition, or any other characteristic or status protected by applicable law. At ZoomInfo, we also consider qualified candidates with criminal histories, consistent with legal requirements.