Time Inc. (NYSE:TIME) is a leading content company that engages over 150 million consumers every month through our portfolio of premium brands across platforms. By combining our distinctive content with our proprietary data and people-based targeting, we offer highly differentiated end-to-end solutions to marketers across the multimedia landscape. Our influential brands include People, Time, Fortune, Sports Illustrated, InStyle, Real Simple and Southern Living, as well as more than 50 diverse titles in the United Kingdom. Time Inc. has been extending the power of our brands through various acquisitions and investments, including Viant, an advertising technology firm with a specialized people-based marketing platform; The Foundry, Time Inc.’s creative lab and content studio; and the People Entertainment Weekly Network (PEN). The company is also home to celebrated events, such as the Time 100, Fortune Most Powerful Women, People’s Sexiest Man Alive, Sports Illustrated’s Sportsperson of the Year, the Essence Festival and the Food & Wine Classic in Aspen.
The successful candidate should have approximately 3-5 years of experience including in-depth hands on work in advanced security penetration testing and a solid knowledge of network security and architecture designs. This position will be located in Time Inc.’s India, Bangalore, Karnataka office, and will serve as a member of the Red Team division; performing application and network security testing, information security assessments, and security engineering.
The Red Team Penetration Tester will join a team of other Red Team and Information Security professionals reporting directly to the Global Director of Application Security and Architecture. The Red Team Penetration Tester will join an elite team of some of the smartest minds in the business that have been tasked with performing deep technical security assessments for our most critical applications and infrastructure to ensure that they are highly resilient against security threats. The Red Team is tasked with identifying critical network infrastructure and application weaknesses and performing highly technical assessments on these to ensure they are secure.
This position will be a key member of the team in communicating potential targets, security weaknesses, exploits, and vulnerabilities to the business and technical teams using both technical and non-technical terms that the business understands. The ideal qualified candidate will embody the following Information Security and highly technical skillsets:
- Formulate scenarios and potential attacks that a malicious attacker may use/perform in order to gain control of the Time Inc. network
- Identify, document, measure and communicate technical Information Security risks across the organization’s data networks, systems, and applications using blended toolsets and exploitation techniques to identify attack surfaces
- Conduct a variety of technical penetration testing engagements (external, internal, web application, cloud, social engineering, wireless, etc.) designed to identify where sensitive data can be obtained using unauthorized methods
- Provide security remediation validation to ensure remediation steps are effective in mitigating the possible exploitation of sensitive data and persevering the integrity and confidentiality of critical information systems
- Versed understanding of coding and scripts, and provide best coding practices in agile development model
A typical job could be breaking into a segmented secure zones, reverse engineering an application and encryption method in order to gain access to sensitive data, all without being detected. If the candidate can exploit at scale while remaining stealthy, identify and exploit misconfigurations in network infrastructure, parse various types of output data, present relevant data in a digestible manner, think outside the box, or are astute enough to quickly learn these skills, then you are what we are looking for. The candidate should have hands on development experience and should be able to at least write simple scripts/programs to automate technologies. The candidate should have good understanding of the application architecture designs, coding languages, technology integrations, emerging technologies and cloud environments. This function will require a good technical and security working knowledge to address security vulnerabilities and provide security mitigation techniques.
- 3-5 years of combined application and network penetration, AppSec, wireless security, and vulnerability management experience
- Knowledge and ability to conduct internal, external, social, wireless, and application penetration testing using a wide variety of exploitation techniques, tools, and procedures.
- Advanced knowledge and hands-on experience with attack methodologies
- Strong knowledge across all operating systems and typical exploits for each OS including being able to chain potential weaknesses together to form a complete exploit
- Strong experience with penetration testing tools such as Kali, Burp Suite, Qualys Guard, Cenzic, Metasploit, OWASP ZED, sqlmap, nosqlmap, WPScan, Nessus, NMAP, etc.
- Must be technically capable in either infrastructure environments, cloud technologies and/or DevOps concepts/tools/practices
- Must be a self-starter, able to work under pressure and with limited supervision both individually and with other team members. Must be able to work well with others in a globally and culturally diverse environment. Must be able to successfully prioritize and manage to completion multiple complex tasks and deliverables. Must be able to speak clearly to conduct teleconferences.
- Versed in three or more programming and scripting languages such as HTML5, Java, Python, Ruby, Perl, Bash, PowerShell
- GPEN, OSCP, GWAPT, CEH, or GSEC certification is preferred