Must reference “Code 01887” in application question.
Telecommuting permitted; can perform duties anywhere in US. Multiple openings.
Duties:
- Work closely with other application security engineers to perform reviews and tests on Web and Conventional applications as well as embedded, firmware, mobile, and more.
- Use a combination of manual and automated techniques to assess risks and circumvent security mechanisms of devices and applications.
- Create threat models that result in more secure application design.
- Design and develop security testing scenarios.
- Analyze and present results of testing to team members, managers, and customers.
- Write detailed problem reports, test plan documents, and mitigation recommendations as needed.
- Develop tools to aid penetration test automation and effectiveness.
- Review code for common security vulnerabilities.
Other Special Skills or Requirements:
- Education: Bachelor’s degree in Computer Science or related
- Experience in conducting penetration tests for high-profile customers or products; experience in working in R&D teams on fast-paced, high-impact projects
- Experience in performing low complexity and high complexity Web Application, Network and Cloud Penetration testing in an enterprise environment
- Experience in writing and reviewing technical reports on vulnerability findings
- Experience in communicating with clients about discovered vulnerabilities and participating in kick-off meetings
- Experience in performing Threat modeling and architecture and design review of Web, Network and Cloud Services
- Experience in conducting static and dynamic code analysis and review for various programming languages such as Python, Java, and JavaScript
- Working knowledge of common security testing tools like Burp Suite, GNU Debugger, Ghidra, IDA, OllyDbg
- Knowledge of common application security bugs, attack types, and mitigation strategies; solid understanding of networking fundamentals
- Knowledge of reverse engineering techniques
- Above average knowledge of Windows and/or Linux and Unix variants
- Willingness to share knowledge and provide mentorship to other people
- Solid understanding of system-level design such as memory allocation, assembly language, process control, and concurrent programming
- Experience in developing tools to automate penetration testing process
- Experience in participating in Capture-the-Flag events and training on security platforms such as Hack the Box and Root Me
- Knowledge of cloud infrastructure and performing cloud configuration reviews
- Ability to conduct research on a technical topic and deliver presentations for a technical audience
- Participation in security-related events such as hacking conferences, bootcamps, and meetups, and contributions to the security community
Security Innovation is proud to offer the following:
• Competitive salary and equitable salary structure
• Flexible work from home and remote options
• Unlimited paid time off, mental health days, and 12+ company holidays
• Comprehensive Health, Dental, and Vision insurance options
• Flex Spending and HSA options
• 401k with immediate vesting and up to 6% match
• Generous professional development budget
• Professional certification, training, and conference opportunities
• Ample engineer hardware budget
• Culture focused on health & wellness, diversity, equity, and inclusion