As a member of the Product Security Penetration Testing team, you'll be responsible for finding vulnerabilities before the bad guys do, and raising the security bar across our suite of products. We are looking for a motivated, passionate security researcher who has a broad base of offensive security knowledge.

Our ideal candidate wakes up each morning thinking about new ways to abuse and break software. Their goal is to identify relevant security risks and help the business understand them so they can build effective defenses and protect Snowflake customers and their data.

• Perform penetration testing engagements against a diverse cloud environment and find vulnerabilities in software, systems, and networks
• Develop tools, methodologies and infrastructure to support penetration testing engagements in a variety of cloud environments and novel platforms
• Set scope, objectives, and timelines for penetration testing engagements and leverage data to create useful metrics
• Work with security and engineering teams to communicate findings, recommendations, and knowledge to key stakeholders
• Play a leadership role in building an App Sec program that has a wide scope and impact

• 5+ years experience pen testing services deployed in public cloud infrastructure
• Solid understanding of modern cloud technology components and deployment patterns: virtual machines, containers, Kubernetes, serverless, infrastructure as code, etc.
• Expert understanding of software security architecture and design, threat modeling, code review, and mitigations for common application security issues
• Knowledge of web and security protocols: HTTP, REST, CSP, CORS, OAuth
• Deep familiarity with current offensive security practices, bug bounty programs, CTFs, fuzzing, and other pen test tools and techniques
• Demonstrated ability to collaborate with other teams to achieve complex objectives

• 7+ years experience working in an information security discipline
• Ability to find and exploit bugs in:
• C++, Java, JavaScript, Go, and Python
• Kubernetes, AWS, GCP, or Azure
• Memory management, namespaces, cgroups, etc.
• Prior experience working in a high growth, cloud native technology company
• Fluency in one or more programming or scripting languages: Java, Python, C++, Go
• Have read and are capable of implementing ideas from "Site Reliability Engineering", "Building Secure & Reliable Systems", or "Engineering Trustworthy Systems"
• Contributions to the security community, such as open source tools, research papers, conference talks, etc.

Every Snowflake employee is expected to follow the company's confidentiality and security standards for handling sensitive data. Snowflake employees must abide by the company's data security plan as an essential part of their duties. It is every employee's duty to keep customer information secure and confidential.

The following represents the expected range of compensation for this role:

• The estimated base salary range for this role is $163,000 - $241,500.
• Additionally, this role is eligible to participate in Snowflake's bonus and equity plan.

The successful candidate's starting salary will be determined based on permissible, non-discriminatory factors such as skills, experience, and geographic location. This role is also eligible for a competitive package that includes: medical, dental, vision, life, and disability insurance; 401(k) retirement plan; flexible spending & health savings account; at least 12 paid holidays; paid time off; parental leave; employee assistance program; and other company benefits.

Snowflake is growing fast, and we're scaling our team to help enable and accelerate our growth. We are looking for people who share our values, challenge ordinary thinking, and push the pace of innovation while building a future for themselves and Snowflake.

How do you want to make your impact?