Key skills
AndroidAWSAzureCloudDockerGoogle Cloud PlatformiOSJenkinsKubernetesPythonSDLCTerraformBashGCPGoogle CloudGitHub ActionsPostmanRESTfulGitHubCI/CDOWASPPenetration Testing
About this role
Role Overview
- Perform thorough penetration testing across web applications, RESTful APIs, mobile applications (iOS/Android), and thick clients using manual and automated techniques to identify and exploit vulnerabilities.
- Develop and implement advanced penetration testing strategies, frameworks, and test plans tailored to different application architectures.
- Lead security assessments, execute exploit development and proof-of-concept creation, and validate remediation effectiveness.
- Provide technical guidance on remediation, secure coding practices, and risk mitigation to development and product teams.
- Monitor and respond to application security incidents; conduct root-cause analysis and drive corrective actions.
- Research and apply emerging tools, techniques, and threat intelligence to continuously improve testing coverage and automation.
- Mentor and support team members, promoting a culture of application security engineering and secure SDLC integration.
Requirements
- 10+ years of experience in application penetration testing for web applications, RESTful APIs, mobile applications, and thick clients using manual exploitation and advanced assessment techniques.
- 10+ years of experience in vulnerability research, exploit development, binary analysis, and proof-of-concept development.
- 8+ years of experience in cloud and container security assessments (AWS, Azure, GCP, Docker, Kubernetes) for cloud-native applications.
- 8+ years of experience with secure SDLC practices, threat modeling, and application security standards (OWASP Top 10, NIST, SANS) and compliance frameworks (e.g., PCI DSS).
- 8+ years of experience integrating security into CI/CD and IaC pipelines, and testing automation (Jenkins, GitHub Actions, Terraform).
- 6+ years of experience with scripting and automation (Python, Bash), and hands-on use of tools such as Burp Suite, Metasploit, MobSF, Postman, and fuzzing frameworks.
- 6+ years of equivalent combination of educational background, related experience, and/or military experience.
Tech Stack
- Android
- AWS
- Azure
- Cloud
- Docker
- Google Cloud Platform
- iOS
- Jenkins
- Kubernetes
- Python
- SDLC
- Terraform
Benefits
- Fuel Your Life program to support physical, financial, social, and emotional well-being.
- Paid holidays and generous time away policies.
- No-cost mental health support through Employee Assistance Programs.
- Living Proof program to recognize your peers’ extra effort with points used for rewards.
- Eight Employee Resource Groups to foster a collaborative culture.
- Unparalleled professional growth with training, development, and internal mobility opportunities.
- Retirement planning and discounted shares with the Employee Stock Purchase Plan.
- Medical, dental, vision, life, and disability insurance options available day one.
- Tuition assistance and reimbursement program.
- Paid parental, caregiver, and military leave.