Security Testing Engineer - Penetration Tester

The Security Testing teams mission is to partner with Atlassian internal teams globally to provide innovative and holistic security testing to secure Atlassian products, platforms and customers. This role supports Atlassian's security team, Engineers and Customers by performing high quality penetration testing on our software, platforms and services.
This role supports Atlassian's security team, Engineers and Customers by providing world class technical assurance of our software, platforms and services through high quality manual penetration testing and code review.
Working at Atlassian
Atlassians can choose where they work - whether in an office, from home, or a combination of the two. That way, Atlassians have more control over supporting their family, personal goals, and other priorities. We can hire people in any country where we have a legal entity. Interviews and onboarding are conducted virtually, a part of being a distributed-first company.
You will support others in technically validating the state of Atlassian's technical security controls, working closely with both our security and engineering teams. You enjoy vulnerability hunting and get excited when you find vulnerabilities that typical automated toolsets can't. You must have a strong ability to work with colleagues to understand our products and then come up with ways to strengthen security.
Since we work closely with our product engineering teams, the ability to read and understand code is very important. Our products are built using a number of different languages but Java, Go, and Python are the most common.
On your first day, we'll expect you to have:

• 3+ years working in a penetration testing/appsec/manual code review role
• Strong understanding of web application security
• Experience in cloud security architecture and infrastructure
• Experience coding in Java, Python, or Go, and at least one scripting language
• An ability to reason about security decisions
• Experience leading projects from start to finish and mentoring other security practitioners
• Strong collaboration and communication skills when working with closely with deeply technical development and infrastructure teams

It's great, but not required, if you have:

• Submitted bug bounty reports to third party companies
• Published contributions to the security community
• Certifications: OSCP, OSCE, OSWE, CREST CRT, GPEN
• CVE's to your name
• Presentation experience at industry events
• Developed security tools
• Experience working with compliance, privacy, IT, networking or related functions

Benefits & Perks
Atlassian offers a wide range of perks and benefits designed to support you, your family and to help you engage with your local community. Our offerings include health and wellbeing resources, paid volunteer days, and so much more. To learn more, visit go.atlassian.com/perksandbenefits .
About Atlassian
At Atlassian, we're motivated by a common goal: to unleash the potential of every team. Our software products help teams all over the planet and our solutions are designed for all types of work. Team collaboration through our tools makes what may be impossible alone, possible together.
We believe that the unique contributions of all Atlassians create our success. To ensure that our products and culture continue to incorporate everyone's perspectives and experience, we never discriminate based on race, religion, national origin, gender identity or expression, sexual orientation, age, or marital, veteran, or disability status. All your information will be kept confidential according to EEO guidelines.
To provide you the best experience, we can support with accommodations or adjustments at any stage of the recruitment process. Simply inform our Recruitment team during your conversation with them.
To learn more about our culture and hiring process, visit go.atlassian.com/crh .