Please submit resumes via e-mail only: [email protected]. Must reference “Code 98101” in e-mail subject line.
Telecommuting permitted; can perform duties anywhere in US. Multiple openings.
Duties:
- Work closely with other application security engineers to perform reviews and tests on web and conventional applications as well as embedded, firmware, mobile, and more.
- Perform in-depth security assessment of crypto configurations.
- Ensure the cryptographic implementations provide data integrity, confidentiality, and non-repudiation.
- Use a combination of manual and automated techniques to assess risks and circumvent security mechanisms of devices and applications.
- Create threat models that result in more secure application design.
- Design and develop security testing scenarios.
- Perform cloud configuration audits and cloud design reviews.
- Analyze and present results of testing to team members, managers, and customers.
- Write detailed problem reports, test plan documents, and mitigation recommendations as needed.
- Develop tools to aid penetration test automation and effectiveness.
- Review code for common security vulnerabilities.
- Possible travel to client sites to conduct in-person security reviews and assessments (travel is very limited, up to 2 to 3 times a year at most for up to 5 business days; the company has clients throughout the US, so travel could be anywhere in the US).
Other Special Skills or Requirements:
- Education: Master’s degree in Information Security, Computer Science or related field
- Experience in conducting penetration tests for high profile customers or products
- Experience working in R&D teams on fast-paced, high-impact projects
- Experience in writing and reviewing technical reports on vulnerability findings
- Experience in communicating with clients about discovered vulnerabilities and participating in kick-off meetings
- Knowledge of common application security bugs, attack types, and mitigation strategies
- Knowledge of reverse engineering techniques
- Knowledge of cyber risk and threat modeling
- Knowledge of applied and theoretical cryptography
- Basic knowledge of Post-quantum Cryptography and NIST Post-quantum Cryptography Standardization
- Solid understanding of networking fundamentals
- Solid understanding of system-level design such as memory allocation, assembly language, process control, and concurrent programming
- Knowledge of cloud infrastructure and performing cloud configuration reviews
- Demonstrate an ability to code in one or more languages
- Basic understanding of Mobile security testing tools
- Knowledge of reverse engineering malware, including unpacking, bypassing obfuscation, and conducting forensic analysis
- Working knowledge of common security testing tools like Burp Suite, GNU Debugger, Ghidra, IDA, OllyDbg
- Ability to conduct research on a technical topic and deliver presentations for a technical audience
- Demonstrate strong interpersonal and communication skills.
Security Innovation is proud to offer the following:
• Competitive salary and equitable salary structure
• Flexible work from home and remote options
• Unlimited paid time off, mental health days, and 12+ company holidays
• Comprehensive Health, Dental, and Vision insurance options
• Flex Spending and HSA options
• 401k with immediate vesting and up to 6% match
• Generous professional development budget
• Professional certification, training, and conference opportunities
• Ample engineer hardware budget
• Culture focused on health & wellness, diversity, equity, and inclusion
Security Innovation, Inc., 187 Ballardvale St, Ste A195, Wilmington, MA 01887.