What will you be empowered to do?

IT & Security

Sr. Offensive Security Engineer/Offensive Security Engineer

Sunnyvale, California, United States

23andMe is looking for an experienced Offensive Security Engineer to ‘own’ our products, research, and IT infrastructure.  23andMe’s Offensive Security team members carry out attacks and security assessments to direct our ongoing security improvements and validate our understanding of our security perimeter. You will be leveraging your hacking skills to secure our customer data and corporate assets.


Who We Are

Since 2006, 23andMe’s mission has been to help people access, understand, and benefit from the human genome. We are a group of passionate individuals pushing the boundaries of what’s possible to help turn genetic insight into better health and personal understanding.


What You’ll Do

System and Network Analysis 

  • You will perform general analytic work to ensure that your knowledge of the environment, systems, and infrastructure is current and complete
  • To support this effort you will leverage OSINT and other tools which will provide a counterpoint to the knowledge gained through review of documentation and interviews

Active Assessments 

  • You will perform network penetration, web and mobile application testing within AWS and our corporate network
  • You will review internal and third party applications, perform source code reviews
  • You will perform threat analyses, execute assessments of the wired, wireless, and cloud-based network environments
  • You will actively assess all aspects of the 23andMe environment and personnel.  You will engage in social-engineering to support the goals of your assessments
  • You will attempt to evade detection and attempt to defeat the security protections and controls that are configured to stop you

Purple Team and Third Party Engagements 

  • As part of your assessment activities, you will work with defensive security to provide knowledge transfer and to actively assist in the identification of techniques to better detect the methods you have used to bypass
  • Manage the engagement of third party assessors, as needed
  • Actively engage with the defensive security team to holistically improve detection, reporting, and alerting

Lab Technology and Exploit Development 

  • As part of the offensive security efforts, build out and maintain a secure lab environment for exploit development and malware analysis


What You’ll Bring

  • 5+ years experience working as a pentester attacking webapps, mobile apps, REST API’s, corporate networks, weak crypto, AWS infrastructure, Active Directory, lab equipment, and more
  • Experience building and keeping to engagement scopes.
  • Proficient with MacOS, Linux and Windows Operating Systems.
  • Strong verbal and written communication skills
  • Demonstrated programming language and scripting experience

Note: While our team is based in Sunnyvale, CA this position is open to remote work, and we will consider exceptional candidates throughout the United States.


About Us

23andMe, headquartered in Sunnyvale, CA, is a leading consumer genetics and research company. Founded in 2006, the company’s mission is to help people access, understand, and benefit from the human genome. 23andMe has pioneered direct access to genetic information as the only company with multiple FDA authorizations for genetic health risk reports. The company has created the world’s largest crowdsourced platform for genetic research, with 80 percent of its customers electing to participate. The platform also powers the 23andMe Therapeutics group, currently pursuing drug discovery programs rooted in human genetics across a spectrum of disease areas, including oncology, respiratory, and cardiovascular diseases, in addition to other therapeutic areas. More information is available at www.23andMe.com.

At 23andMe, we value a diverse, inclusive workforce and we provide equal employment opportunity for all applicants and employees. All qualified applicants for employment will be considered without regard to an individual’s race, color, sex, gender identity, gender expression, religion, age, national origin or ancestry, citizenship, physical or mental disability, medical condition, family care status, marital status, domestic partner status, sexual orientation, genetic information, military or veteran status, or any other basis protected by federal, state or local laws.  If you are unable to submit your application because of incompatible assistive technology or a disability, please contact us at accommodations-ext@23andme.com. 23andMe will reasonably accommodate qualified individuals with disabilities to the extent required by applicable law.

Please note: 23andMe does not accept agency resumes and we are not responsible for any fees related to unsolicited resumes. Thank you.