Be an early applicantLess than 25 applicants

Company

Original Job Post

myGwork - LGBTQ+ Business Community · 2 days ago

Senior Lead Security/Penetration Test Engineer

United States

Full-time

Remote

Senior Level

$105K/yr - $200K/yr

8+ years exp

Wonder how qualified you are to the job?

Maximize your interview chances

Internet

Insider Connection @myGwork - LGBTQ+ Business Community

Discover valuable connections within the company who might provide insights and potential referrals, giving your job application an inside edge.

Responsibilities

Security/penetration test web applications and underlying infrastructure for vulnerabilities using both manual and automated techniques

Build scripts, tools, or methodologies to enhance offensive security testing

Employ advanced techniques including reverse engineering, fuzzing, and conduct research to identify new and novel attack vectors

Possess sound knowledge of common infrastructure and web application vulnerability categorizations such as CVE, CVSS, CWE

Analyze findings from a variety of application security tools to secure web applications during development and production run-time

Effectively communicate findings, attack paths, and recommendations to technical and executive client stakeholders through written reports and verbal presentations

Automate security testing at various stages within the CI/CD pipeline

Develop secure coding standards and training across multiple application frameworks and technologies to address security-test findings

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Security EngineeringSoftware DevelopmentSecure Software Development LifecycleWeb Application SecurityPenetration TestingSecure Application DevelopmentJavaPythonC#ScriptingPowerShellGoLangPerlJavaScript.NETAPI IntegrationSecurity Tooling AutomationCI/CD PipelinesIDE InterfacesStatic Application Security TestingSASTStatic Application AnalysisSCADynamic Application Security TestingDASTApplication securityRed teamingNIST SP-800-115TIBER-EUProblem-solving

Required

Bachelor’s Degree in Computer Science, Information Systems, or equivalent work-related experience

Minimum 8 years total experience in a technical role such as security engineer with software development experience

Design, implementation, and operation of a secure software development lifecycle

Experience with web application security/penetration testing and common attack vectors

Experience with secure application development

Software development experience in a common programming language: Java, Python, C#

Scripting/programming skills - Python, PowerShell, GoLang, Perl, JavaScript, .NET, API Integration

Security tooling automation in CI/CD pipelines and IDE interfaces including Static Application Security Testing (SAST) and Static Application Analysis (SCA) solutions, Dynamic application security testing (DAST)

Preferred

Experience reproducing proof of concept exploitation steps

Deep application security knowledge, with the ability to map an application vulnerability to exploitation indications and relevant investigative techniques

Familiarity with standardized penetration testing and red teaming standards and procedures, such as NIST SP-800-115 and TIBER-EU