Incident Response Pentest Engineer II

Overview

Esri has an exciting opportunity for you in a fast-paced, highly collaborative technical environment. As a globally responsible player for security of Esri software products, Esri’s Software Security & Privacy team handles security and privacy incident investigations, digital forensics, vulnerability life cycle management and fix coordination for the entire ArcGIS System.

As an Incident Response Pentest Engineer, you will be part of a single-point-of-contact team that digs into security and privacy incidents and takes on detailed problem solving related to product security and privacy issues. You will have the opportunity to drive continuous improvement in security and privacy while working adjacently to Esri development and product teams. You will serve a vital and rewarding role by ensuring and improving the security of the solutions Esri creates.

Responsibilities

• Actively hunt for bugs in Esri software using various static code analysis, dynamic analysis, 3rd party component analysis, vulnerability variant analysis and pen testing tools (BurpSuite, OneFuzz, Metasploit, and more)
• Use your skills and experience to provide feedback regarding testing tools and to Esri’s cross product Security Champions to enable systemic and consistent issue identification
• Investigate, document, track, and remediate third party and open-source components
• Collect and report metrics for vulnerabilities discovered, for example: CWE details, OWASP top 10, SANS 25, CVSS
• Provide data driven security improvement recommendations which balance customer and Esri operational needs
• Collaborate with product teams and contribute to security best practice technical papers, security advisories and blogs

Requirements

• 2+ years of software security experience including vulnerability management, cloud, mobile, and desktop and web application security
• Experience with various application security tools - Static code analysis, dynamic code analysis, vulnerability scanning, pen testing tools and techniques
• Strong understanding of common classes of product security vulnerabilities (such as OWASP Top 10/SANS top 25/CWE) and attack/defense methodologies
• Proven ability to work collaboratively and remotely with others to accomplish complex goals
• Experience with vulnerability management and proactively identifying vulnerability mitigation strategies
• Bachelor’s degree in computer science or related field

Recommended Qualifications

• Master’s degree in computer science or related field
• Cloud and/or security industry certifications
• Experience with web and mobile application security (ideally including Esri products).
• Scripting skills (such as Python/Perl/Ruby, shell scripting) or development experience (Java/C++/Python)

About Esri

Our passion for improving quality of life through geography is at the heart of everything we do. Esri’s geographic information system (GIS) technology inspires and enables governments, universities, and businesses worldwide to save money, lives, and our environment through a deeper understanding of the changing world around them.

Esri is an equal opportunity employer (EOE) and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law.

If you need a reasonable accommodation for any part of the employment process, please email askcareers@esri.com and let us know the nature of your request and your contact information. Please note that only those inquiries concerning a request for reasonable accommodation will be responded to from this e-mail address.

Esri’s competitive total rewards strategy includes industry-leading health and welfare benefits: medical, dental, vision, basic and supplemental life insurance for employees (and their families), 401(k) and profit-sharing programs, minimum accrual of 80 hours of vacation leave, twelve paid holidays throughout the calendar year, and opportunities for personal and professional growth. Base salary is one component of our total rewards strategy. Compensation decisions and the base range for this role take into account many factors including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs.

A reasonable estimate of the base salary range is $81,120.00 - $141,440.00.

#IND1