Penetration Testing Staff Engineer

SonicWall is a cybersecurity forerunner with more than 30 years of expertise and is recognized as a leading partner-first company, ensuring our partners and their customers are never alone in the fight against cybercrime. With the ability to build, scale and manage security across the cloud, hybrid and traditional environments in real-time, SonicWall provides relentless security against the most evasive cyberattacks across endless exposure points for increasingly remote, mobile and cloud-enabled users. With its own threat research center, SonicWall can quickly and economically provide purpose-built security solutions to enable any organization—enterprise, government agencies and SMBs—around the world. For more information, visit  or follow us on Twitter, LinkedIn, Facebook and Instagram.

Department: Product Security / PSIRT

Overview

As a Staff Penetration Tester within the SonicWall PSIRT, you will assess the security of SonicWall's web applications, firmware, and network security products. This hands-on technical role involves performing end-to-end vulnerability assessments, penetration testing and coordinated vulnerability research across SonicWall's full product ecosystem.

Key Responsibilities:

Penetration Testing & Vulnerability Assessment

• Perform manual and automated penetration testing across web applications, firmware, and network appliances.
• Identify, exploit, and document vulnerabilities across diverse layers — from web interfaces to embedded firmware and network protocols.
• Conduct vulnerability scanning of SonicWall products, VMs, servers, and backend systems
• Execute firmware and binary analysis using tools such as IDA Pro, Ghidra, and binwalk to uncover low-level security flaws.
• Perform web and API pen testing targeting OWASP Top 10 and emerging web vulnerabilities (e.g., SSRF, deserialization, logic flaws).
• Assess firmware update mechanisms, cryptographic implementations, and secure boot processes for tampering or privilege escalation risks.
• Prepare detailed vulnerability reports including exploit paths, root cause analysis, and recommended remediations.
• You will collaborate closely with engineering, QA, and development teams to identify, validate, and mitigate vulnerabilities — ensuring SonicWall products meet the highest standards of security and resilience.
• Support PSIRT investigations, including triage of internally discovered and externally reported vulnerabilities.
• Contribute to tooling, automation, and scripts that enhance penetration testing efficiency and coverage.
• Conduct independent research on novel web, network, and firmware vulnerabilities.
• Develop internal methodologies and knowledge base for consistent test execution across product domains.
  
  

Required Qualifications

• Bachelor's degree in Computer Science, Cybersecurity, Computer or Electrical Engineering, or equivalent experience.
• 5+ years of experience in penetration testing, red teaming, or vulnerability research.
• Strong understanding of network protocols, web application security, and firmware architectures.
• Proficiency with tools such as Burp Suite, Nmap, Nessus, Metasploit, IDA Pro, Ghidra, binwalk, Scapy, Wireshark, and OWASP ZAP.
• Working knowledge of web technologies (HTTP/S, REST, TCP/IP, DNS, SMTP), Linux internals, and scripting languages (Python, Bash, PowerShell).
• Ability to perform source code reviews in C/C++, Java, C#, or Python for security flaws.
• Strong communication skills — capable of presenting technical findings to both engineers and management.
• High attention to detail, strong analytical thinking, and self-driven approach to testing complex environments.
  
  

Preferred Qualifications

• Certifications: CEH, OSCP, GPEN, GWAPT, OSWE, GREM, or equivalent.
• Experience with secure development lifecycle (SDLC) integration and DevSecOps automation.
• Familiarity with exploit development, fuzzing frameworks (boofuzz, Peach), or custom test harnesses.
• Understanding of cryptographic mechanisms, secure boot, and firmware validation.
• Prior experience contributing to CVE reporting or vulnerability disclosure programs (VDP/bug bounty).

#LI-NR5

#LI-Hybrid 

SonicWall is an equal opportunity employer.  

We are committed to creating a diverse environment and are an equal opportunity employer. All qualified applicants receive consideration for employment without regard to race, color, ethnicity, religion, sex, gender, gender identity and expression, sexual orientation, national origin, disability, age, marital status, veteran status, pregnancy, or any other basis prohibited by applicable law.

At SonicWall, we pride ourselves on recruiting a diverse mix of talented people and providing active security solutions in 100+ countries.

Applicant Privacy Notice