Life at UiPath
The people at UiPath believe in the transformative power of automation to change how the world works. We’re committed to creating category-leading enterprise software that unleashes that power.
To make that happen, we need people who are curious, self-propelled, generous, and genuine. People who love being part of a fast-moving, fast-thinking growth company. And people who care—about each other, about UiPath, and about our larger purpose.
Could that be you?
Your Mission
UiPath is looking for a Senior Penetration Tester to help and grow the security
assessment function related to its products, online and corporate infrastructure. This is a deeply technical role which implies developing and applying formal security centric assessments against existing and in-development UiPath products as well as UiPath’s online and corporate IT environment. The person in this role may also assist in investigating security incidents. The Penetration Tester will work with stakeholders (security team peers, software engineers/developers, corporate IT staff, Site Reliability Engineers, Cloud Operations staff), and is responsible of detailing and executing the testing plans and strategies, while also building clear and concise reports.
A successful Penetration Tester at UiPath is a self-starter, with strong analytical and problem-solving skills. The ability to maneuver in a fast-paced environment is critical, as well as handling ambiguity coupled with a deep understanding of various security threats. As a true owner of security in UiPath, great writing skills are needed, coupled with the ability to interact with stakeholders across multiple departments and teams. The Senior Penetration Tester acts as a mentor for technical peers and can transpose testing strategies and results in high level non-technical language.
What You'll Do At UiPath
- Penetration testing on products, online and IT infrastructure
- Assist in investigating security incidents
- Recommendation of threat mitigations
- Security training and outreach to internal development teams
- Security guidance documentation
- Security tool development
- Security metrics delivery and improvements
- Assistance with recruiting activities
What You'll Bring To The Team
- Bachelor's Degree in Computer Science or related field, or equivalent work experience
- Solid understanding of Web Application penetration testing
- Minimum of 7 years of experience with penetration testing at application and infrastructure layer
- Minimum of 5 year of experience in working with developers, with personal skills in coding/scripting
- Good understanding of cyber-attack tools and techniques
- Good knowledge of attacking services hosted in cloud (Azure, AWS, GCP)
- Experience writing POCs for discovered vulnerabilities
- Good knowledge of operating system, network and database security
- Advanced knowledge and understanding of web application security
- Experience using various penetration testing tools (such as, BurpSuite, Metasploit, Nessus, etc.)
- Ability to dive deep into problems and strong analytical and skills
- Understanding of networking and communication protocols (such as TCP/IP, UDP, SSL/TLS, IPSEC, HTTP, HTTPS)
Nice to have
- Understanding of cryptography, web service frameworks
- Experience with vulnerability research, bug bounty programs (HackerOne, BugCrowd, etc) and CTF contests
- Experience with .Net, javascript, C#, Java and python for scripting
- Ability to automate and script your findings
- Professional certification: OSCP, OSWE or equivalent preferred
- Experience with docker, kubernetes or other containerization technologies
Maybe you don’t tick all the boxes above— but still think you’d be great for the job? Go ahead, apply anyway. Because we know that experience comes in all shapes and sizes—and passion can’t be learned.
Many of our roles allow for flexibility in when and where work gets done. Depending on the needs of the business and the role, the number of hybrid, office-based and remote workers will vary from team to team. Applications are assessed on a rolling basis and there is no fixed deadline for this requisition. The application window may change depending on the volume of applications received or may close immediately if a qualified candidate is selected.
We value a range of diverse backgrounds, experiences and ideas. We pride ourselves on our diversity and inclusive workplace that provides equal opportunities to all persons regardless of age, race, color, religion, sex, sexual orientation, gender identity and expression, national origin, disability, neurodiversity, military and/or veteran status, or any other protected classes. Additionally, UiPath provides reasonable accommodations for candidates on request and respects applicants' privacy rights. To review these and other legal disclosures, visit our privacy policy.
