Sr. Penetration Tester, Web/Mobile Apps and Cloud Services jobs in United States
cer-icon
Apply on Employer Site
company-logo

TP-Link · 2 days ago

Sr. Penetration Tester, Web/Mobile Apps and Cloud Services

positionIrvine, CA
timeFull-time
remoteOnsite
seniorityMid, Senior Level
money$100K/yr - $165K/yr
date5+ years exp

TP-Link Systems Inc. is a global provider of reliable networking devices and smart home products, seeking a skilled and proactive Sr. Penetration Tester to lead security initiatives for their cloud service product lines. This role involves assessing and securing complex cloud environments and driving security strategies for specific product lines.

Consumer Electronics
badNo H1Bnote

Responsibilities

Lead advanced penetration testing for entire cloud environments, including web applications, APIs, AI applications, serverless functions, containers, and other cloud-native services
Conduct comprehensive security risk assessments at architecture and functional levels to identify potential security weaknesses across cloud platforms and applications
Lead incident response activities and perform in-depth vulnerability research, oversee and manage the entire incident response process for cloud environments
Lead cloud security certification efforts for various compliance frameworks (e.g., SOC 2, ISO 27001, GDPR, etc.)
Design and develop advanced security tools and automated testing platforms to enhance cloud security testing accuracy and coverage
Drive the integration of security practices throughout the CI/CD pipeline and DevOps processes company-wide
Follow-up on global cloud security standards and regulations, mentoring junior engineers and driving the implementation of security requirements within cloud services
Collaborate with teams to develop and deliver cloud and web application security training to development, DevOps and QA teams, ensuring best practices are followed
Design and implement secure cloud architectures and conduct security reviews of existing architectures to ensure alignment with industry best practices

Qualification

Cloud security architecturePenetration testingSecurity tools proficiencyProgramming languagesSecurity compliance certificationsIncident response managementThreat modelingCross-functional communicationProactive initiativeLeadership skillsStrategic thinking

Required

Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent work experience)
Proven more than 5 years' experience as a Security Engineer (Cloud & Web) or in a similar role
Deep understanding of cloud security architecture, web application security, API security, and common vulnerabilities, with hands-on experience in assessing and securing complex cloud systems across multiple platforms
Extensive experience with security tools such as Burp Suite, OWASP ZAP, Nmap, Kali, Nessus, Metasploit, and the ability to customize these tools for advanced penetration testing and vulnerability assessments in cloud environments
Capability to independently develop or customize penetration testing tools, automation frameworks, and continuous security testing platforms for complex cloud environments
Advanced knowledge of secure coding practices, identifying vulnerabilities across multiple cloud services, and guiding junior engineers in performing such tasks
Proficient in multiple programming languages (e.g., Python, JavaScript, Go, Bash, PowerShell, etc.), with the ability to independently write complex security tools, scripts and exploit code
Expert-level knowledge of major cloud platforms (AWS, Azure, GCP) and their security services, configurations, and best practices

Preferred

Relevant advanced security certifications (e.g., OSCP, OSWE, CISSP, AWS/Azure/GCP security certifications) are highly preferred
CVE IDs involving critical vulnerabilities in web or cloud environments, as well as published relevant papers or patents are prioritized
Published CVEs are highly preferred

Benefits

Free snacks and drinks, and provided lunch on Fridays
Fully paid medical, dental, and vision insurance (partial coverage for dependents)
Contributions to 401k funds
Bi-annual reviews, and annual pay increases
Health and wellness benefits, including free gym membership
Quarterly team-building events

Company

TP-Link

twitter
Glassdoor3.5
company-logo
Headquartered in the United States, TP-Link is a global provider of reliable networking devices and smart home products, consistently ranked as the world’s top provider of Wi-Fi devices.
dateFounded in 1996
location
Irvine, US
people-size10001+ employees
web-link
http://www.tp-link.com

Funding

Current Stage
Late Stage
Company data provided by crunchbase