At XPO Logistics, we invest over $450 million in technology every year so that we can continue to develop state-of-the-art solutions for our customers. Are you a seasoned security professional who understands the risks and threats facing us as technology changes? As the IT Security Engineer – Penetration Tester, your focus will be on offensive security tactics and assessments. You will be responsible for intermediate wired network and wireless penetration tests, OWASP Top 10 web application penetration tests and communicating results to security engineers, project managers and executive-level management. This role is critical in positioning XPO for long-term success.
Pay, benefits and more.
We are eager to attract the best, so we offer competitive compensation and a generous benefits package, including full health insurance (medical, dental and vision), 401(k), life insurance, disability and the opportunity to participate in a company incentive plan.
What you’ll do on a typical day:
Gather key information, including registration data, operating system, patch and service version information, and system and application configurations
Conduct penetration testing on networks, systems, applications, mobile, traditional web and wireless functionalities
Make real-world attempts at compromising systems, applications and mobile security to gain access to resources or disrupt and exploit system services
Determine the level of impact of different scenarios surrounding someone with malicious intent attempting to gain unauthorized entry into the network
Research new threats, attack vectors and risks
Verify the security findings from other members of the penetration testing team
What you need to succeed at XPO:
At a minimum, you’ll need:
Certifications such as GCIH, GPEN, OSCP, GCED, GCFA, GCIA, CISSP, etc.
5 years of experience in information security and systems
1 year of experience in network penetration testing, application security and automated information security penetration tools
Experience using Open Source and COTS tools for penetration testing, which could include Nmap, Nessus, Metasploit, Kali Linux, Burp Suite Pro and similar; experience with exploiting web application and web services security vulnerabilities, including cross-site scripting, cross-site request forgery, SQL injection, XML/SOAP and API attacks
OSINT and social engineering engagement experience
Experience in common scripting languages, such as Python, Ruby, Lua, PowerShell or Bash
Strong familiarity with multiple operating systems, databases, applications and platforms; working understanding of HTML and common web application frameworks; understanding of SQL, XSS, CSRF, XXE and other trends in web exploitation
Background in security architecture, including knowledge of IT network security and cloud-based technologies; understanding of fundamental cloud computing security concepts; knowledge of the latest security threats, techniques and exploits targeting vulnerabilities
It’d be great if you also have:
Ability to develop detailed penetration testing reports that can speak to multiple audience types
Proven track record of successfully delivering business requirements within time and budget constraints
Strong knowledge of data and information flows, information governance and network protocols
Appreciation of wider information security-related principles, likely to be gained during industry experience or from a consultancy background
Be part of something big.
XPO provides cutting-edge supply chain solutions to the world's most successful companies, including Disney, Pepsi, L'Oréal, Toyota and many others. We’re the fastest-growing transportation company on the Fortune 500 list and we’re just getting started.
We are proud to be an Equal Opportunity/Affirmative Action employer. Qualified applicants will receive consideration for employment without regard to race, sex, disability, veteran or other protected status.
The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified. All employees may be required to perform duties outside of their normal responsibilities from time to time, as needed.