Senior Security Engineer - Red Team (Remote)

4+ years of working experience in web application security Hands-on experience in security testing of web applications, web services, mobile applications, APIs, etc. Experience securing REST APIs and web services Experience using and implementing SAST / DAST tools such as Fortify, Veracode, Checkmarx, or other similar tools Knows how to conduct penetration tests of information systems using commercial and open-source exploitation tools Good understanding of standard security vulnerabilities and common remediation as published by OWASP, SANS, etc. Experience working with secure coding methodology and best practices and their implementation within engineering teams Supports developers of our business units in their SDLC and provides guidance regarding mitigations to emerging threats Reviews application source code based on static application security testing tools Engages in security research to remain current on vulnerabilities and testing tools Creates detailed, professional documentation/reports that clearly communicate vulnerabilities, mitigation strategies, and remediation steps Ability to work on multiple projects concurrently and is committed to providing exemplary customer service Strong written and verbal communication skills in English Python, JavaScript, PHP programming experience as a plus Knowledge in scripting (any language) and experience in automation scripts for application security testing as a plus Familiarity with cloud security, particularly AWS security concepts, as a plus Certifications such as eWAPTx, OSCP, OSWE, etc., as a plus Able to work in a team-centric environment Strong critical thinking and analytical skills Experience in executing white, gray, or black box security posture assessments and completing detailed reports that outline the findings and recommendations Strong presentation, written, and oral communication skills

Performs web, mobile application, and internal penetration tests Conducts source code reviews Performs threat analysis Conducts social-engineering assessments Supports blue teams when needed Researches new attack vectors and cybersecurity trends Trains Quality Assurance and Development teams in standard security testing techniques and secure software development