Security Engineer, Offensive Security

About Us: 

Thrive is a rapidly growing technology solutions provider focusing upon Cloud, Cyber Security, Networking, Disaster Recovery and Managed Services.  Our corporate culture, engineering talent, customer-centric approach, and focus upon “next generation” services help us stand out amongst our peers.  Thrive is on the look-out for individuals who don’t view their weekdays spent at “a job”, but rather look to develop valuable skills that ignite their passion and lead to a CAREER.  If you’re attracted to a “work hard, play hard” environment, seeking the guidance, training and experience necessary to build a lucrative career, then welcome to THRIVE!! 

Position Overview: 

Thrive is looking for a security engineer to join our Offensive Security team.  This team focuses on advanced vulnerability management and Pentesting as a service and delivers strategic security insights to clients based on the findings of these services. This role will own the delivery of these services ensuring client satisfaction, timely and complete service delivery. The Manager will work closely with the team to ensure the services are being delivered to clients effectively, drive automation initiatives to help scale the services, and stay on top of industry’s best practices as well as new features available from the tools. Additionally, the Manager will act as an escalation point for internal teams at Thrive and the primary security contact for these services for the clients. This leadership position requires a strategic thinker with a commitment to maintaining high security standards and fostering client trust in our cybersecurity capabilities. 

Primary Responsibilities: 

• Execution and analysis of vulnerability scans and determining remediation steps 

• Execution and analysis of Penetration Tests (manual and autonomous), writing reports, and delivery of reports to client stake holders. 

• Lead client meetings, offering expert advice and guidance as needed. 

• Collaborate with clients to understand their business needs and requirements to best align remediation requirements to business outcomes. 

• Creation and ongoing upkeep of materials documenting our security processes, procedures, and technologies, along with the generation of automated reports for relevant stakeholders. 

• Update client Security presentations and discuss findings with our clients. 

• Maintain a leading edge on security events and techniques to keep our clients aware of new threats and attack techniques. 

• Other duties as required. 

Qualifications: 

• Solid understanding of network protocols, operating systems, application layer protocols, and security best practices.  

• Understanding cybersecurity threats, and experience with incident response standards and procedures. 

• Ability to communicate security information to non-technical people. 

• Has a passion for Cyber Security.  

• Demonstrates comprehension of good security practices 

• Knowledge of risk assessment tools, technologies and methods 

• Knowledge of penetration testing methodologies, frameworks, and tools 

Required Skills: 

• Ability to analyze a large amount of data from various sources and use this information to solve complex problems and make good decisions. Must be able to work effectively in a team environment and collaborate within the team and other stakeholders. 

• Excellent Written and Verbal Communication Skills 

• Computer Networking & Security 

• Vulnerability Discovery and Analysis 

• Operating System Internals 

• Familiarity with TCP/IP network protocols, application layer protocols (e.g., HTTP, SMTP, DNS, etc.). 

• 3-5 years of experience executing penetration tests, writing reports and delivering report debriefs to clients.  

Preferred Skills: 

• Knowledge of common Windows and Linux/Unix system calls and APIs 

• Working knowledge of pentesting tools, such as Burpsuite, Metaspliot framework, Caido 

• Knowledge of programming and/or scripting languages (i.e. Python) 

• One or more of the following certifications or other relevant certifications: eJPT, PJPT, PenTest+, OSCP, GPEN, PNPT, CEH, Security+