Job Description

At Pitney Bowes, we do the right thing, the right way. As a member of our team, you can too.We have amazing people who are the driving force, the inspiration and foundation of our company. Our thriving culture can be broken down into four components: Client. Team. Win. Innovate.We actively look for prospects who:

• Are passionate about client success.
• Enjoy collaborating with others.
• Strive to exceed expectations.
• Move boldly in the quest for superior and best in market solutions.

:Join Pitney Bowes as a Senior Penetration Tester - Red TeamYears of experience: 10+ yearsJob Location - PuneImpactPitney Bowes Information Security is looking for a highly motivated, experienced, and skilled specialist to join the Red team. The security testing team protects Pitney Bowess data, and brand by identifying vulnerabilities and threats to our organization through the use of pen testing, red teaming and simulated cyber security attacks.This is a key member of the Security Testing team, and will lead efforts in planning, developing, and executing pen tests and adversarial exercises against our networks, systems, applications, and users. The Senior Tester will work with internal and external groups to lead communications around risks identified throughout Pitney Bowess environment. This role will make a difference by working with Pitney Bowess defenders (Purple Teaming) to secure our organization against current and emerging threats.
The ideal candidate will have advanced experience performing penetration tests against systems, applications, and networks, and working with stakeholders to communicate the impact of identified vulnerabilities and recommending remediation plans.The JobThis is a key member of the Advanced Security Testing team, and will lead efforts in planning, developing, and executing adversarial exercises against our networks, systems, applications, and usersThe Senior Tester will work with internal and external groups to lead communications around risks identified throughout Pitney Bowes environment.This role will make a difference by working with Pitney Bowes defenders (purple teaming) to secure our organization against current and emerging threatsProvide leadership on the latest critical information security vulnerabilities, threats, and exploits, as they apply within the Pitney Bowes environment.Develop and implement red team methodology to assess risk within Pitney Bowes networks, systems, applications, and usersPerform advanced technical penetration testing exercises (announced and covert) to identify weaknesses in Pitney Bowes environment and monitoring/response programsAssist in the management and development of command and control (C2) infrastructureDevelop and deliver high-quality reporting to communicate technical findings to stakeholders, including developers, architects, and managersProvide leadership on exploits, techniques, and countermeasures to members of the Information Security team, including Pitney Bowes SOC and junior team staff membersIdentify enhancements to tools, standards, and processes; provide input into policies and procedures, and contribute to the implementation and refinement of the strategy for the Information Security programPerform web and IOT application security assessments, as needed including tasks such as:Performing security assessments for Pitney Bowes applications across the enterpriseStatic & dynamic application security testing and/or penetration testing of applicationsAuditing results of security assessments with development and/or security teams and offering plans for remediation of vulnerabilitiesQualifications & Skills requiredBachelors degree and 10 years experience with direct enterprise-level red team and/or penetration testing experienceHands-on experience with manual vulnerability testing, exploit development, and static code analysis, using commercial and open-source toolsHands-on experience with command and control (C2) best practices, infrastructure, beacon deployment and management.The ideal candidate should have experience with security protocols and/or technologies such as REST APIs, Burp Suite /ZAP, Kali Linux, Nmap, Metasploit, Powersploit, Lolbins etc.Candidate must understand security controls such as authentication, authorization, access control, cryptography, and network protocols along with security standards and frameworks including Mitre ATT&CKThe candidate should be able to automate tasks in Python, bash, Java, Terraform etc.Have a strong understanding of attacks in AWS, OAuth etc.Have experience using secure development frameworks (i.e. OWASP Top 10, SANS Top 25 and Microsoft SDL).Nice to have - You are proficient in bypassing and tuning security technologies (i.e. Anti-Malware, IDS, DLP, FIM, Firewalls, SIEM, MFA, Web Proxies and WAF).Adept at communicating concepts to diverse audiences with varying skill setsRelevant certifications such as OSCP, OSWP, GPEN are strongly preferredStrong Knowledge of the following:Operating systems (including Windows, Linux, Unix, and MacOS)Networking fundamentals and technologies like Zero Trust a big plusCloud security a big plusApplication architectures and technologiesPenetration testing techniques and tactics, including reconnaissance, initial access, persistence, lateral movement, collection, and exfiltration.About Pitney BowesPitney Bowes (NYSE:PBI) is a global technology company providing commerce solutions that power billions of transactions. Clients around the world, including 90 percent of the Fortune 500, rely on the accuracy and precision delivered by Pitney Bowes solutions, analytics, and APIs in the areas of ecommerce fulfillment, shipping and returns; cross-border ecommerce; office mailing and shipping; presort services; and financing. For 100 years Pitney Bowes has been innovating and delivering technologies that remove the complexity of getting commerce transactions precisely right. For additional information visit Pitney Bowes at .Only Talent Matters at Pitney BowesPitney Bowes is an equal opportunity workplace. To remove unconscious biases from our hiring process, we encourage Blind Applications from candidates applying for jobs at Pitney Bowes. This means that details such as gender, caste, religion, nationality, and age are omitted from applications. And candidates can choose to reveal only their first or last name on the application.Watch the video here:Watch the videos below for more information about Life at Pitney Bowes:We will:

• Provide the will: opportunity to grow and develop your career
• Offer an inclusive environment that encourages diverse perspectives and ideas
• Deliver challenging and unique opportunities to contribute to the success of a transforming organization
• Offer comprehensive benefits globally ( )

Pitney Bowes is an equal opportunity employer that values diversity and inclusiveness in the workplace.All interested individuals must apply online.

Pitney Bowes