| Accelerate your career at RXO

Compensation for this role is $120,000-145,000. The role may also be eligible for bonus or commission pay. Actual compensation may vary due to factors such as experience and skill set.

RXO is a leading provider of transportation solutions. With cutting-edge technology at the center, we're revolutionizing the industry with our massive network and commitment to finding solutions for every challenge. We create more efficient ways for shippers and carriers to transport goods across North America.

As a Lead Ethical Hacker on the Threat and Vulnerability Management team at RXO, you'll play a critical role in driving offensive security engagements, specifically focusing on application security, web application testing, and red teaming. You will perform in-depth assessments of applications and cloud environments to identify security risks and help build a more secure enterprise.

What your day-to-day will look like:

- Run investigations gathering key information about application architectures, APIs, and code flows to support effective testing and offensive security engagements
- Conduct detailed application-layer penetration testing of web, mobile, API, and containerized applications, targeting OWASP Top 10 risks, business logic flaws, input validation, and authenticated scenarios such as role-based access control
- Simulate real-world attacks targeting applications, APIs, and business logic to demonstrate risk through exploitation and lateral movement within application ecosystems
- Determine the potential impact of exploiting application-level vulnerabilities and misconfigurations that could lead to unauthorized access or data exfiltration
- Lead research into new web application vulnerabilities, cloud-native threats, and evolving attack vectors used against modern application stacks
- Review and verify findings from peers, focusing on validating web application and API vulnerabilities and identifying false positives
- Brainstorm, strategize, and plan multi-phase Red Team engagements with an application-first mindset, emulating adversaries targeting application entry points
- Document and communicate findings in a way that aligns with development and DevSecOps teams, providing clear remediation steps rooted in secure coding practices

What you'll need to excel:

At a minimum, you'll need:

It'd be great if you also have:

- Experience working with AI and machine learning systems, including assessing the security of AI/ML-based applications, models, and pipelines, and identifying vulnerabilities across these environments
- One or more offensive security certification(s) such as OSCP, OSCE, GWAPT, GPEN, eWPT, eCPPT, etc.
- Strong experience in web application penetration testing and application-layer attack techniques
- Hands-on experience with Burp Suite Pro, OWASP ZAP, Postman, SQLMap, and similar tools
- Familiarity with .NET and Java-based web applications, including secure coding and common vulnerabilities
- Experience testing cloud-based environments (AWS, Azure, GCP), especially in containerized or serverless architectures
- Solid understanding of OWASP Top 10, OWASP ASVS, and secure software development lifecycles
- Proficiency in scripting and automation using Python, PowerShell, or Bash
- Familiarity with frameworks such as MITRE ATT&CK, Cyber Kill Chain, etc.
- Experience with Red Team tools like Cobalt Strike, Core Impact, and advanced simulation frameworks

Does this sound like you? Check out what else RXO has to offer.

Why Join Us:

Our Benefits

- Competitive pay
- Paid time off includes: up to 8 holidays, up to 2 floating Diversity Days, Hourly: Earn up to 13 days PTO / Salary: Earn up to 15 days PTO, up to 40 hours bereavement leave, up to 16 hours volunteer time, jury duty, at least 2 weeks family bonding leave, up to 40 hours prenatal care leave
- 401(k) retirement plan with up to 5% company match
- Insurance: health, prescription, dental, vision, basic and supplemental life, short and long-term disability, accidental death and personal loss, business travel, legal services, ID theft, accident, critical illness, hospital indemnity
- Employee Assistance Program (EAP)
- Tuition reimbursement, adoption assistance
- Tax-Advantaged Accounts: Health Savings Account, Health Care Flexible Spending Account, Dependent Care Flexible Spending Account, Commuter Spending Account
- Health Reimbursement Arrangement

Our Culture

Our values are the key to our unique culture and our ability to deliver for everyone we serve. We do great things when we are inclusive and work together. To perform with excellence, we learn from one another, value diverse perspectives, operate safely and build strong relationships.

The Next Step

Ready to join our team? We'd love to hear from you. Fill out an application now and join our talent community to learn about future opportunities.

We are proud to be an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

All applicants who receive a conditional offer of employment may be required to take and pass a pre-employment drug test.

The above statements are not an exhaustive list of all required responsibilities, duties, and skills for this job classification.

Review RXO's candidate privacy statement here and RXO's Privacy Notice to California Job Applicants here
 |