Key skills
AWSAzureCloudCyber SecurityFirewallsGoogle Cloud PlatformSplunkShellAmazon Web ServicesGCPGoogle CloudIAMDatadogSaaSProject ManagementCommunicationRemote WorkOWASPPenetration TestingNetwork SecurityCloud SecurityWAFFirewall
About this role
Role Overview
- Perform manual penetration testing activities on Web Applications and Mobile Applications using black-box testing tools, in-depth penetration test (using shell scripts and manual testing) techniques, DAST & SAST tools.
- Understand the application architectural components, business purpose of the application and code at high level.
- Web Application: Highly familiar with OWASP Top 10 and the ASVS.
- Cloud Security Operations: Design, implement, and optimize robust cloud security architectures.
- Network Security Expertise: Your network security and cloud security expertise will be required to respond to customer questionnaires and customer calls.
- Firewall & WAF Management: Configure, manage, and troubleshoot cloud-native firewalls and Web Application Firewalls.
- SIEM Integration & Optimization: As a Level-2 Security Operations support team member, you will review all security alerts and resolve these alerts in a timely manner.
- SaaS Security Best Practices: Provide expert guidance on securing SaaS applications.
- Compliance & Governance: Lead and contribute to compliance initiatives.
- Customer Engagement & Presentation: Act as a trusted advisor to clients.
- Incident Response & Remediation: Support incident response activities.
- Vulnerability Management and Penetration Testing: Responsible for running the comprehensive vulnerability management and penetration testing program.
- Stay Ahead of the Curve: Continuously research and evaluate emerging cloud security threats.
Requirements
- 10+ years of progressive experience in web application penetration testing, cybersecurity, with at least 4+ years focused on cloud security engineering.
- Strong organizational, administrative, project management and communication skills will be required to manage the overall security program.
- Deep hands-on experience with Google Cloud Platform (GCP) security services and best practices is essential and managing cloud security alerts in our SIEM.
- Strong practical experience with Microsoft Azure and Amazon Web Services (AWS) security services.
- Proven expertise in securing SaaS applications and understanding of common SaaS security challenges.
- Extensive experience with scripting skills, network security principles and implementation in cloud environments.
- Demonstrable experience with firewall management (cloud-native and third-party) and Web Application Firewalls (WAFs).
- Hands-on experience with SIEM platforms (e.g., Splunk, Microsoft Sentinel, Google Chronicle Security Operations, Datadog, etc) including sink creations, log ingestion, rule creation, and dashboarding.
- Strong understanding of cloud identity and access management (IAM) principles and best practices across multi-cloud.
- Solid knowledge of compliance frameworks and regulations (e.g., GDPR, SOC 2, ISO 27001, CMMC).
- Excellent communication, presentation, and interpersonal skills, with the ability to articulate complex security concepts clearly and concisely to diverse audiences.
- Ability to work independently and as part of a team in a fast-paced, client-facing environment.
- Problem-solving mindset with a strong attention to detail.
- CISSP is required. Azure and Google certifications are highly desirable.
Tech Stack
- AWS
- Azure
- Cloud
- Cyber Security
- Firewalls
- Google Cloud Platform
- Splunk
Benefits
- Health insurance
- 401(k) plan
- Paid parental leave program
- Generous PTO
- Flexible work schedules
- Remote work opportunities
- Paid company holidays
- Appspace Quiet Fridays (No non-essential internal meetings scheduled)
- A casual dress work environment