The Bloom Energy Offensive Security team reduces cyber risk by uncovering vulnerabilities and weaknesses in the enterprise cyber environment through coordinated ethical hacking and penetration testing scenarios.
As the Senior Manager of the Penetration Testing team, you'll be a hands-on leader directing all of Bloom Energy's Security Assessments and Penetration Testing efforts. The goal of the Penetration Testing and Security Assessment group is to proactively identify and remediate security vulnerabilities in Bloom's products, applications, and infrastructure. You'll develop remediation strategy and countermeasures for identified vulnerabilities. You'll work very closely with all the key departments within Bloom to ensure that they remain secure while they deliver new products and infrastructure.
Responsibilities
- Conduct penetration testing (50-75% of the role) to identify and mitigate security vulnerabilities across networks, systems, and product.
- Lead and oversee the security testing of our product, API, cloud, enterprise network, and infrastructure, ensuring that assessment activities are successfully completed on time and communicated to stakeholders and management.
- Lead technology assessments including penetration testing, red teaming, purple testing, and technical assessments related to data security, cloud/on-prem infrastructure, data protection, network security, secure coding, APIs, web applications, and Internet of Things (IoT)/Operational Technology (OT).
- Understanding of cryptography, authentication, authorization, network security protocols, and application security.
- Manage and guide the Technology & IT Audit/Security testing strategy, plan and execution in conducting all aspects of our projects including, but not limited to, the development of assessment scope and objectives, development of risk and control matrix, testing approach, handling key communications, audit deliverables, and monitoring issue remediation efforts.
- Analyze vulnerabilities in the context of business impact and provide actionable mitigation strategies and countermeasures.
- Contribute during leadership meetings on the department's strategy, processes, and approaches, demonstrating strong security, testing, and audit domain knowledge. Partner with management to effectively identify risks and improve the control environment.
- Demonstrate thought leadership for current and emerging technology topics including cybersecurity, DevOps, IoT/OT, and data governance.
- Ensure that all team deliverables are of high-quality through high-engagement, detailed oversight, direct involvement, and thought leadership.
- Develop, coach, and mentor a high-performing penetration testing team through hiring, oversight, training, and timely and candid performance feedback.
Qualifications
- Bachelor's degree in Engineering, Computer Science, Information Technology, or related field.
- 10+ years of related work experience.
- 3+ years of management/leadership experience.
- Experience in delivering and leading penetration testing activities, red teaming, purple teaming, web application assessments, technical assessments, information technology audits, network and system implementation reviews, and advisory projects.
- Hands-on experience with enterprise-grade tools such as Burp Suite, Nmap/Nessus, Metasploit, BloodHound and Kali Linux.
- Experience in managing teams, delivering high-quality technical assessment work products, and communicating effectively with various partners (e.g., external/internal stakeholders, senior management, etc.).
- Familiarity with information technology, business processes and financial reporting audits and familiarity with control frameworks such as NIST, ISO, SANS, CIS, SOX, and global data privacy laws (e.g. GDPR, CCPA, CPRA).
- Proven leadership skills and a tendency to lead through influence, lead by example, build relationships, and collaborate.
- Professional credentials preferred (CISSP, OSCP, CEH, or comparable).