Role Expectations
We are looking for an Application Security Engineer/Penetration Tester with detailed technical knowledge of cybersecurity engineering, system and network security, and general knowledge of software development to work as an integral part of our Application Security team. You will work closely with seasoned technology and cybersecurity consultants to provide advisory services to enterprises undergoing digital, process and organizational transformation.
Specific responsibilities will vary and include:
- Perform application security assessments using industry standards (e.g., OWASP ASVS)
- Execute penetration tests using a broad range of tools to discover and exploit possible vulnerabilities and weaknesses within cloud, on-prem and hybrid environments
- Document findings and remediation recommendations, and collaborate with the consulting team and customers to ensure vulnerability findings are successfully and efficiently addressed
- Provide guidance on implementing and/or improving secure software development processes
- Deliver training and provide mentoring to software engineers on security and DevSecOps topics
- Lead and facilitate threat modeling exercises to ensure optimized security design decisions are being made
- Maintain up-to-date knowledge of security standards (e.g., OWASP, NIST), security testing practices, and related technologies
- Practice flexibility to support your team in working with a diverse customer base
- Provide mentorship to junior consultants
Experience and Qualification Requirements
5+ years of combined relevant experience, including:
- Hands-on experience performing application and network penetration tests
- Experience using penetration testing and security assessment tools such as Nmap, Nessus, Kali Linux, Metasploit, Burp Suite, Wireshark, etc.
- Knowledge of frameworks and standards such as the NIST Cybersecurity Framework family, CIS, and OWASP
- Familiarity with application architectures and technology like Docker, Kubernetes, and microservices
- Experience running red team and blue team exercises (preferred, but not mandatory)
- Pursuing or currently holding one or more of the following certifications: OSCP (Offensive Security Certified Professional), CEH (Certified Ethical Hacker), LPT (Licensed Penetration Tester), Penetration Tester (GPEN), Exploit Researcher and Advanced Penetration Tester (GXPN), Web Application Penetration Tester (GWAPT)
- Bachelor’s degree in Computer Science, Information Systems, Engineering or similar