Senior Staff Engineer - InfoSec, Red Team

Equinix is the world’s digital infrastructure company , operating over 26 0 data centers across the globe . Digital leaders harness Equinix's trusted platform to bring together and interconnect foundational infrastructure at software speed. Equinix enables organizations to access all the right places, partners and possibilities to scale with agility, speed the launch of digital services, deliver world-class experiences and multiply their value, while supporting their sustainability goals.

Our culture is based on collaboration and the growth and development of our teams. We hire hardworking people who thrive on solving challenging problems and give them opportunities to hone new skills and try new approaches , as we grow our product portfolio with new software and network architecture solutions. We embrace diversity in thought and contribution and are committed to providing an equitable work environment that is foundational to our core values as a company and is vital to our success .

Job Summary

A Red Team Penetration Tester (Pen Tester) is responsible for securing Equinix’s digital assets, through active hunting and identification of threats and vulnerabilities, in our environment, that are not detected by traditional vulnerability scanning. The Pen Tester should possess a deep understanding of both information security and computer science. They should understand basic concepts such as networking, applications, and operating system functionalities, and be able to learn advanced concepts such as application manipulation, exploit development, and stealthy operations.

Responsibilities

Perform network penetration, web, mobile and business application testing, source code reviews, threat analysis, wireless network assessments, OT/IoT security assessments, and social-engineering assessments

Develop comprehensive and accurate reports and presentations for both technical and executive audience

Effectively communicate findings and remediation strategies to business stakeholders including technical staff, executive leadership, and legal counsel

Recognize and safely utilize attacker tools, tactics, and procedures

Develop scripts, tools, or methodologies to enhance Equinix’s red teaming processes

Qualifications

Bachelor’s degree in computer science or related degree preferred

7 years' experience or 3-5 years’ experience in at least three of the following:

Network penetration testing and manipulation of network infrastructure

Web, mobile and/or business application assessments

OT/IoT security assessments

Email, phone or physical social-engineering assessments

Shell scripting or automation of simple tasks using Perl, Python or Ruby

Developing, extending, or modifying exploits, shellcode or exploit tools

Developing applications in C#, ASP, .NET, ObjectiveC, or Java (J2EE)

Reverse engineering malware, data obfuscators, or ciphers

Source code review for control flow and security flaws

Strong knowledge of tools used for wireless, web application, IoT/OT and network security testing

Thorough understanding of network protocols, ICS/SCADA/Bacnet protocols, data on the wire, and covert channels

Mastery of Unix/Linux/Mac/Windows operating systems, including bash and PowerShell

Experienced in utilizing various SIEM (e.g. Azure Sentinel, Splunk, Elastic) and EDR (e.g. CrowdStrike, SentinelOne, Microsoft ATP) tools for threat hunting

Strong knowledge of security controls and services in AWS, GCP and Azure cloud platforms

Background and knowledge of general security concepts, such as defense-in-depth, MITRE ATT&CK framework, and security architectures

Preferred certifications: OSCP, OSWP, GPEN, GWAPT, OSCE, OSEE, GXPN

Ability to document and explain technical details in a concise, understandable manner

Ability to manage and balance own time among multiple tasks, and mentor junior staff when required

Who are we?

Equinix is the world’s digital infrastructure company , operating over 26 0 data centers across the globe . Digital leaders harness Equinix's trusted platform to bring together and interconnect foundational infrastructure at software speed. Equinix enables organizations to access all the right places, partners and possibilities to scale with agility, speed the launch of digital services, deliver world-class experiences and multiply their value, while supporting their sustainability goals.

Our culture is based on collaboration and the growth and development of our teams. We hire hardworking people who thrive on solving challenging problems and give them opportunities to hone new skills and try new approaches , as we grow our product portfolio with new software and network architecture solutions. We embrace diversity in thought and contribution and are committed to providing an equitable work environment that is foundational to our core values as a company and is vital to our success .

Job Summary

A Red Team Penetration Tester (Pen Tester) is responsible for securing Equinix’s digital assets, through active hunting and identification of threats and vulnerabilities, in our environment, that are not detected by traditional vulnerability scanning. The Pen Tester should possess a deep understanding of both information security and computer science. They should understand basic concepts such as networking, applications, and operating system functionalities, and be able to learn advanced concepts such as application manipulation, exploit development, and stealthy operations.

Responsibilities

• Perform network penetration, web, mobile and business application testing, source code reviews, threat analysis, wireless network assessments, OT/IoT security assessments, and social-engineering assessments

• Develop comprehensive and accurate reports and presentations for both technical and executive audience

• Effectively communicate findings and remediation strategies to business stakeholders including technical staff, executive leadership, and legal counsel

• Recognize and safely utilize attacker tools, tactics, and procedures

• Develop scripts, tools, or methodologies to enhance Equinix’s red teaming processes

Qualifications

• Bachelor’s degree in computer science or related degree preferred

• 7 years' experience or 3-5 years’ experience in at least three of the following:

• Network penetration testing and manipulation of network infrastructure

• Web, mobile and/or business application assessments

• OT/IoT security assessments

• Email, phone or physical social-engineering assessments

• Shell scripting or automation of simple tasks using Perl, Python or Ruby

• Developing, extending, or modifying exploits, shellcode or exploit tools

• Developing applications in C#, ASP, .NET, ObjectiveC, or Java (J2EE)

• Reverse engineering malware, data obfuscators, or ciphers

• Source code review for control flow and security flaws

• Strong knowledge of tools used for wireless, web application, IoT/OT and network security testing

• Thorough understanding of network protocols, ICS/SCADA/Bacnet protocols, data on the wire, and covert channels

• Mastery of Unix/Linux/Mac/Windows operating systems, including bash and PowerShell

• Experienced in utilizing various SIEM (e.g. Azure Sentinel, Splunk, Elastic) and EDR (e.g. CrowdStrike, SentinelOne, Microsoft ATP) tools for threat hunting

• Strong knowledge of security controls and services in AWS, GCP and Azure cloud platforms

• Background and knowledge of general security concepts, such as defense-in-depth, MITRE ATT&CK framework, and security architectures

• Preferred certifications: OSCP, OSWP, GPEN, GWAPT, OSCE, OSEE, GXPN

• Ability to document and explain technical details in a concise, understandable manner

• Ability to manage and balance own time among multiple tasks, and mentor junior staff when required

The United States targeted pay range for this position in the following location is / locations are: • San Francisco, CA / Bay Area: $157,000 to $235,000 per year • California (Non-SF/Bay Area), Connecticut, Maryland, New York, New Jersey, Washington state: $150,000 to $224,000 per year • Colorado, Nevada, Rhode Island: $136,000 to $204,000 per year Our pay ranges reflect the minimum and maximum target for new hire pay for the full-time position determined by role, level, and location. Individual pay is based on additional factors including job-related skills, experience, and relevant education and/or training. This position may be offered in other locations. Your recruiter can share more about the specific pay range for your preferred location during the hiring process. The targeted pay range listed reflects the base pay only and does not include bonus, equity, or benefits. Employees are eligible for bonus, and equity may be offered depending on the position. As an employee, you become important to Equinix’s success. Details about our company benefits can be found at the following link: USA Benefits eBook

Equinix is committed to ensuring that our employment process is open to all individuals, including those with a disability. If you are a qualified candidate and need assistance or an accommodation, please let us know by completing this form .

Equinix is an Equal Employment Opportunity and, in the U.S., an Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to unlawful consideration of race, color, religion, creed, national or ethnic origin, ancestry, place of birth, citizenship, sex, pregnancy / childbirth or related medical conditions, sexual orientation, gender identity or expression, marital or domestic partnership status, age, veteran or military status, physical or mental disability, medical condition, genetic information, political / organizational affiliation, status as a victim or family member of a victim of crime or abuse, or any other status protected by applicable law.

Equinix, Inc. is an American multinational company headquartered in Redwood City, California, that specializes in Internet connection and data centers.

Talentify is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status.

Talentify provides reasonable accommodations to qualified applicants with disabilities, including disabled veterans. Request assistance at accessibility@talentify.io or 407-000-0000.

Federal law requires every new hire to complete Form I-9 and present proof of identity and U.S. work eligibility.

An Automated Employment Decision Tool (AEDT) will score your job-related skills and responses. Bias-audit & data-use details: www.talentify.io/bias-audit-report . NYC applicants may request an alternative process or accommodation at aedt@talentify.io or 407-000-0000.