Engineer Pentesting

Vertiv, a global organization with nearly 24,000 employees, designs, builds, and services critical infrastructure that enables vital applications for data centers, communication networks, and commercial and industrial facilities. We support today’s growing mobile and cloud computing markets with a portfolio of power, thermal, and infrastructure management solutions.

The Application and Product Security Engineer (Penetration Testing) is responsible for conducting security pen testing, monitoring, and auditing within a dynamic global organization. The products under test range from embedded devices to cloud services, with tests varying from white box to black box engagements.

A successful engineer will evaluate product design and implementation to identify security gaps, focusing on weaknesses under the guidance of senior engineers and testing leads. The engineer should clearly document findings, analysis, and prepare detailed reports.

In addition to performing internal application and product security assessments, the Penetration Tester will support the following activities:

• Conduct security evaluations and threat assessments of embedded systems, mobile applications, web applications
• Research new vulnerabilities and enhance existing security capabilities
• Circumvent security protections and techniques
• Perform data bus monitoring (snooping) and data injection
• Analyze communication protocols in embedded products and applications
• Conduct wireless communication channel snooping and data injection
• Learn reverse engineering of complex systems and protocols
• Create detailed technical reports and proof of concept code to document findings
• Perform system breakdowns of projects/products before testing, identify testing requirements, and plan activities with senior/test engineers
• Engage proactively with engineering teams on testing needs, progress, and detailed analysis reports

• Possess a Bachelor’s Degree in Information Technology, Computer Science, or related field (highly desirable)
• Hold advanced security certifications such as OSCP, CEH, or equivalent
• Have 5+ years of experience in information, application, or embedded product security and/or IT risk management
• Have 2+ years of pentesting experience with personal interests in pentesting activities (CTF, HacktheBox, etc.)
• Understand security protocols, cryptography, authentication, and authorization
• Have good knowledge of current IT risks and security solutions implementation
• Ability to communicate effectively across diverse personnel
• Excellent written and verbal communication skills and business acumen
• Ability to establish partnerships, influence change, and achieve results in dynamic environments
• Make meaningful technical contributions to the development lifecycle of applications, products, or services

• Experience with embedded systems/software and web-based applications
• Familiarity with compilers, debuggers, disassemblers, and analysis tools
• Exposure to binary analysis tools such as IDA Pro, WinDbg, BinWalk, Valgrind, PIN, Panda, and S2E
• Understanding of cryptographic algorithms, protocols, and their vulnerabilities
• Knowledge of network protocols and development of packet-level programs
• Understanding of microcontroller programming tools and debugging interfaces
• Experience with Layer 2, Layer 3 networking, QoS
• Knowledge of malware/botnet exploits targeting embedded systems
• Experience with Windows, Linux, Android, and iOS OS configurations
• Understanding of the computer boot process and boot loaders
• Additional skills such as functional analysis, memory image capture, static memory analysis, and data extraction are a plus
• Experience with Gitlab for issue management and tool usage preferred