Security Engineer I

Must reference “Code 01887” in application question.

****Telecommuting permitted, can perform duties anywhere in US.****Multiple openings.

Duties:

• Work closely with other application security engineers to perform reviews and tests on Web and Conventional applications as well as embedded, firmware, mobile, and more.

• Use a combination of manual and automated techniques to assess risks and circumvent security mechanisms of devices and applications.

• Create threat models that result in more secure application design.

• Design and develop security testing scenarios.

• Analyze and present results of testing to team members, managers, and customers.

• Write detailed problem reports, test plan documents, and mitigation recommendations as needed.

• Develop tools to aid penetration test automation and effectiveness.

• Review code for common security vulnerabilities.

Other Special Skills or Requirements:

• Education: Bachelor’s degree in Computer Science or related
• Experience in conducting penetration tests for high profile customers or products; experience in working in R&D teams on fast paced, and high impact projects
• Experience in performing low complexity and high complexity Web Application, Network and Cloud Penetration testing in an enterprise environment
• Experience in writing and reviewing technical reports on vulnerabilities findings
• Experience in communicating with clients about discovered vulnerabilities and participating in kick-off meetings
• Experience in performing Threat modeling and architecture and design review of Web, Network and Cloud Services
• Experience in conducting static and dynamic code analysis and review for various programming languages such as Python, Java, and JavaScript
• Working knowledge of common security testing tools like Burp Suite, GNU Debugger, Ghidra, IDA, Ollydbg
• Knowledge of common application security bugs, attack types, and mitigation strategies; solid understanding of networking fundamentals
• Knowledge of reverse engineering techniques
• Above average knowledge of Windows and/or Linux and Unix variants
• Willingness to share knowledge and provide mentorship to other people
• Solid understanding of system-level design such as memory allocation, assembly language, process control, and concurrent programming
• Experience in developing tools to automate penetration testing process
• Experience in participating in Capture-the-Flag events, and trained on security platforms such as Hack the Box, and Root Me
• Knowledge of cloud infrastructure and performing cloud configuration reviews
• Ability to conduct research on a technical topic and deliver presentations for a technical audience
• Participated in security-related events such as Hacking Conferences, Bootcamps, and Meetups and contributed to Security Community.

Security Innovation is proud to offer the following:

• Competitive salary and equitable salary structure

• Flexible work from home and remote options

• Unlimited paid time off, mental health days, and 12+ company holidays

• Comprehensive Health, Dental, and Vision insurance options

• Flex Spending and HSA options

• 401k with immediate vesting and up to 6% match

• Generous professional development budget

• Professional certification, training, and conference opportunities

• Ample engineer hardware budget

• Culture focused on health & wellness, diversity, equity, and inclusion