Atlassians can choose where they work – whether in an office, from home, or a combination of the two. That way, Atlassians have more control over supporting their family, personal goals, and other priorities. We can hire people in any country where we have a legal entity. Interviews and onboarding are conducted virtually, a part of being a distributed-first company.
Role Specifics
Do you love penetration testing, application security and uplifting programs and capabilities? We’re looking for a Principal Security Testing Engineer to work closely with the Security Testing Manager to build the Security Testing team and capability. You will be the Technical SME, drive process improvements, and equip the team with the latest tools techniques and methodologies to find meaningful vulnerabilities which off-the-shelf tools won’t.
As the principal Security Testing Engineer you will be responsible for penetration testing and manual code review across Atlassian’s vast footprint. You will lead others to validate the state of Atlassian’s technical security, working closely with our security teams and leadership groups.
More about our team
We are a growing security team committed to protecting the security of our customers and of Atlassian itself. You will be part of the Security Testing team whose mission is to partner with internal teams to provide innovative and holistic security testing solutions to secure Atlassian products, platforms and customers.
Our Security Testing team:
Love pen testing & code review
Enjoy working together
Love sharing knowledge (and learning from others)
Have great communication skills
Are keen to contribute to the efforts of a larger security team
Enjoy building as much as breaking
This role supports Atlassian’s security team, Engineers and Customers by providing world class technical assurance of our software, platforms and services through high quality manual penetration testing and code review. The principal security testing engineer will be responsible for establishing and growing a team of penetration testers based out of our Bangalore office.
Role Experience
Day-to-day this person will be:
Providing SME knowledge and guidance to a team of pen testers/code review
Continuing to mature pen testing/code review workflows
Identifying and recruiting top-class penetration testing talent
Supporting and guiding the growth of a India based penetration testing team
Analysing vulnerability data for trends and gaps in controls
Biggest challenges: staying current; maturing talent; managing pipeline; recruiting top-tier talent
Early Success
Identifying significant vulnerabilities in Atlassian products prior to production deployment
Building contacts in the Atlassian engineering team, product team and security team
Building and leveraging existing contacts to identify potential talent to join the team
Establishing testing processes in the local team that complements and extends existing processes
Identifying insights which contribute to strategic investments
Maturing holistic security testing plays/processes
Future Success
You will have established a team of 5-7 highly talented penetration testers
The team will be fully integrated with the global team in providing high-quality testing
You will work hand-in-glove with your peers to proactively identify where security testing can be applied to new and existing product features and development pipelines
6+ years penetration testing experience in a consultancy, dedicated internal pentesting team, or similar offensive security function
2+ years experience as an offensive security team lead
Strong experience in white-box application security testing; bonus if in Java
Full stack application security technical experience
Delivery focused
Experience mentoring junior penetration testers
On your first day, we'll expect you to have:
The ability to complete a penetration test and code review of a modern cloud application
Experience leading security teams on complex penetration testing engagements
Strong, practical understanding of security testing methodologies, supporting infrastructure requirements and legal considerations
Strong collaboration and communication skills when working with closely with deeply technical development and infrastructure teams
Worked in a principal penetration testing/application security role
Strong application security experience
Experience with program development and uplift
Affinity for growing teams and helping people succeed
It's great, but not required, if you have:
CVE’s to your name
Contributions to open source security or penetration testing tools
Delivered industry presentations
Public write ups or blogs of vulnerabilities you have identified
Certifications, notably: OSWE, OSCP, OSCE, or CREST CRT, or GPEN
Comfortable operating in AWS, Azure, and/or GCP
Our perks & benefits
Atlassian offers a wide range of perks and benefits designed to support you, your family and to help you engage with your local community. Our offerings include health and wellbeing resources, paid volunteer days, and so much more. To learn more, visit go.atlassian.com/perksandbenefits.
About Atlassian
At Atlassian, we're motivated by a common goal: to unleash the potential of every team. Our software products help teams all over the planet and our solutions are designed for all types of work. Team collaboration through our tools makes what may be impossible alone, possible together.
We believe that the unique contributions of all Atlassians create our success. To ensure that our products and culture continue to incorporate everyone's perspectives and experience, we never discriminate based on race, religion, national origin, gender identity or expression, sexual orientation, age, or marital, veteran, or disability status. All your information will be kept confidential according to EEO guidelines.
To provide you the best experience, we can support with accommodations or adjustments at any stage of the recruitment process. Simply inform our Recruitment team during your conversation with them.
To learn more about our culture and hiring process, visit go.atlassian.com/crh.