-
Job Description
POS-26030
The Hub Spot Threats and Vulnerabilities team protects our customers by systematically reducing Hub Spot's attack surface and improving the maturity of Hub Spot's Product Security.
We create this path forward by mapping out Hub Spot's defences, identifying and prioritizing improvements based on threat intelligence, and testing our applications and infrastructure to find and fix weaknesses.
The team comprises highly skilled individuals experienced in the security and development of Cloud services.This team provides support and guidance across Hub Spot's Product and Security organizations.
We are looking for experienced engineers from diverse backgrounds to augment the team's skill set and offer new perspectives on security and risk and how they relate to Hub Spot's program.
In this role you will:
Continuously measure Hub Spot's application security defences, highlighting areas of strength and weakness
Provide security-focused recommendations based on threat intelligence and vulnerability assessments
Participate in red team exercises to find weaknesses in Hub Spot's products and tools
Maintain knowledge of the latest vulnerabilities, exploits, and the evolving threat landscape and distil that knowledge to other groups within Hub Spot
Manage programs for bug bounty and internal and external penetration testing, ensuring vulnerabilities are identified and mitigated
Act as an escalation point for security incidents that require the specialized knowledge of this team
Conduct research on campaigns and actors through technical analysis of data
Drive projects and improvements that improve Hub Spot's Security and Privacy controls within the Product Organization and beyond
We are looking for people who have:
5 or more years experience in application security, threat Intelligence or incident response
Previous involvement in red teaming, adversary emulation, or penetration testing
Experience working with at least one programming language (Java, C#, Python etc)
Understanding of secure development practices, public cloud, and network security
Familiarity with security monitoring tools and investigation tools such as Splunk and Kibana
Ability to communicate information about security and risk to a diverse audience
#J-18808-Ljbffr