Senior DevSecOps Engineer

Overview

Intuit is a mission-driven, global financial platform company that gives everyone the opportunity to prosper. With products like TurboTax, QuickBooks and Mint, we're using technology to build solutions to challenging financial problems for millions of people around the world.

Intuit's Adversary Management team is looking for a DevSecOps Engineer that specializes in big data, platform development, and integration. Are you experienced and passionate about achieving cyber resilience? Are you excited about working on security abuse cases and want a deeper understanding of a cyber attacker's mindset? We are Intuit's active defense capability using Big Data, AI & Machine Learning to derive adversary insights, threat hunt aggressively, and red team with precision. Be a part of our mission and take your career to a whole new level with Intuit Information Security!

What you'll bring

• 6+ years of experience in an offensive security role
• Knowledge of bypassing multiple security technologies such as firewalls, IDS/IPS, Web Proxies and DLP among others
• Experience with developing proof of concept exploits
• Ability to perform targeted exploitation using automated and manual TTP's
• Experience with Python, or similar scripting language
• Experience with NMap, BurpSuite, Metasploit, Wireshark
• Proven results utilizing vulnerability scanning and penetration testing tools and techniques
• Proven working experience with one or more Cloud Computing solution (AWS, GCE, Azure, etc)
• Proficiency with hacking enterprise operating systems, including Linux and Windows
• In-depth knowledge of TCP/IP networking and packet analysis
• Proven ability to have multiple projects and deadlines simultaneously
• Ability to identify and evaluate risk to IT systems and communicate risks to management

Preferred Skills/Experience:

• Experience participating as a member of a red team
• Experience with compiled programming languages (Java, C++, Go, etc)
• Ability to work with large data sets and Python preferred
• Android/iOS testing or programming experience
• BS/MS in Computer Science, Cybersecurity, or related field
• Professional level certifications related to Red Teaming/Penetration Testing (OSCP, GPEN, GWAPT, etc)

How you will lead

How you will lead:

• Design, prototype and develop security applications and integrations supporting the data and ticketing needs of the Adversary Management capabilities.
• Build standards for ingesting and storing petabytes of security data and its utilization in security data lake applying long term retention policies.
• Design/develop apps, API's, and Big Data pipeline integrations with Big Query, ServiceNow, JIRA, PagerDuty, Slack, Salesforce, etc.
• Optimize correlation and discovery of high fidelity issues so that teams can rapidly keep track of their cyber resilience.
• Develop efficient process and flow of outcomes so that service consumers can easily leverage data and insights to improve.
• Automate for impact to ensure scalability and delivery of threat information, control gaps, security defects and incidents.
• Lead by example, demonstrating best practices for Agile Development, unit testing, CI/CD, performance testing, capacity planning, documentation, monitoring, alerting, and incident response.
• Serve as technical go to person for our core technologies GCP and AWS data ingest pipeline, GCS and Big Query data sources and developed integration services.
• Demonstrate strong implementation aptitude to translate objectives into a scalable solution to meet the needs of the end customer while meeting deadlines.
• Demonstrate commitment to your professional development by attending and speaking at conferences, taking training classes, giving technical presentations, and participating in developer and security communities inside and outside of Intuit.
• Act in a technical leadership capacity: Mentor junior engineers, new team members, and apply technical expertise to challenging programming and design problems.
• Work cross-functionally within Adversary Management organization as well as teams across Intuit: Architecture, Product Management, QA/QE, product development, and business unit security teams to drive forward results.
• Gather functional requirements, develop technical specifications, and build prototypes and proofs of concepts (POC's).
• Communicate progress across organizational levels clearly and in actionable form.
• Roughly 70-85% hands-on coding