Security Engineer (Red Team)

About Glean

We're on a mission to bring people the knowledge they need to make a difference in the world. 

Glean was founded by a seasoned team of former Google search and Facebook engineers, who wondered why we don't have an easier way of finding what we need at work. In our personal lives, we have tools to help us find pretty much whatever we need. Why don't we have that at work? And that was the beginning of Glean.

Glean searches across all your company's apps to help you find exactly what you need and discover the things you should know. We're a diverse team of curious and creative people who want to help each other get big things done-so we can help other teams do the same. 

We're backed by some of the Valley's leading venture capitalists-including Sequoia, Kleiner Perkins, Lightspeed, and General Catalyst-and have assembled a world-class team with senior leadership experience at Google, Slack, Facebook, Dropbox, Rubrik, Uber, Intercom, Pinterest, Palantir, and others.

Role

Glean is looking for a highly skilled and motivated Red Team Engineer to join our team. We are looking for an ultimate ethical adversary, who can leverage their expertise in network penetration testing, social engineering, and attack methodologies to expose our weaknesses and make us stronger. 

What you will do and achieve

• Conduct network penetration testing, employing various techniques like exploiting vulnerabilities, bypassing defenses, and escalating privileges.
• Design and execute targeted social engineering attacks to test human vulnerabilities and security awareness.
• Develop assumed breach scenarios that mimic real-world attacks, testing our incident response procedures and readiness.
• Utilize penetration testing frameworks like Metasploit, Kali Linux, and Burp Suite, constantly updating your knowledge and exploring new tools.
• Collaborate with blue teams, developers, and stakeholders to communicate findings, prioritize vulnerabilities, and recommend remediation strategies.
• Stay ahead of the curve by researching emerging threats, attending conferences, and actively contributing to the offensive security community.

Who you are

• Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent work experience). Masters in Information Security a big plus.
• Experience with social engineering techniques and methodologies.
• Proficiency in scripting languages like Python and Bash.
• Excellent communication and teamwork skills, able to explain complex technical concepts to both technical and non-technical audiences.
• A passion for learning, constantly seeking new ways to improve your skills and knowledge.
• Bonus points for experience with cloud security, web application security, and post-exploitation frameworks.

Key knowledge and skills

• Thrive in a customer-focused, tight-nit and cross-functional environment - being a team player and willing to take on whatever is most impactful for the company is a must
• A proactive and positive attitude to lead, learn, troubleshoot and take ownership of both small tasks and large features
• Familiarity with cloud native development practices in GCP/AWS/Azure is a plus

The standard base salary range for this position is $200,000 - $260,000 annually. Compensation offered will be determined by factors such as location, level, job-related knowledge, skills, and experience. Certain roles may be eligible for variable compensation, equity, and benefits.

We are a diverse bunch of people and we want to continue to attract and retain a diverse range of people into our organization. We're committed to an inclusive and diverse company. We do not discriminate based on gender, ethnicity, sexual orientation, religion, civil or family status, age, disability, or race.