Summary

Join a dynamic team as an Application Security Engineer, working remotely within the US. Responsibilities include reviewing and testing various applications, creating threat models, designing testing scenarios, analyzing results, writing reports, developing tools, and reviewing code for vulnerabilities. Requirements include a Bachelor's degree in Computer Science, experience in conducting penetration tests, knowledge of common security testing tools, and understanding of networking fundamentals.

Requirements

Bachelor’s degree in Computer Science or related
Experience in conducting penetration tests for high profile customers or products; experience in working in R&D teams on fast paced, and high impact projects
Experience in performing low complexity and high complexity Web Application, Network and Cloud Penetration testing in an enterprise environment
Experience in writing and reviewing technical reports on vulnerabilities findings
Experience in communicating with clients about discovered vulnerabilities and participating in kick-off meetings
Experience in performing Threat modeling and architecture and design review of Web, Network and Cloud Services
Experience in conducting static and dynamic code analysis and review for various programming languages such as Python, Java, and JavaScript
Working knowledge of common security testing tools like Burp Suite, GNU Debugger, Ghidra, IDA, Ollydbg
Knowledge of common application security bugs, attack types, and mitigation strategies; solid understanding of networking fundamentals
Knowledge of reverse engineering techniques
Above average knowledge of Windows and/or Linux and Unix variants
Willingness to share knowledge and provide mentorship to other people
Solid understanding of system-level design such as memory allocation, assembly language, process control, and concurrent programming
Experience in developing tools to automate penetration testing process
Experience in participating in Capture-the-Flag events, and trained on security platforms such as Hack the Box, and Root Me
Knowledge of cloud infrastructure and performing cloud configuration reviews
Ability to conduct research on a technical topic and deliver presentations for a technical audience
Participated in security-related events such as Hacking Conferences, Bootcamps, and Meetups and contributed to Security Community

Responsibilities

Work closely with other application security engineers to perform reviews and tests on Web and Conventional applications as well as embedded, firmware, mobile, and more
Use a combination of manual and automated techniques to assess risks and circumvent security mechanisms of devices and applications
Create threat models that result in more secure application design
Design and develop security testing scenarios
Analyze and present results of testing to team members, managers, and customers
Write detailed problem reports, test plan documents, and mitigation recommendations as needed
Develop tools to aid penetration test automation and effectiveness
Review code for common security vulnerabilities

Benefits

Competitive salary and equitable salary structure
Flexible work from home and remote options
Unlimited paid time off, mental health days, and 12+ company holidays
Comprehensive Health, Dental, and Vision insurance options
Flex Spending and HSA options
401k with immediate vesting and up to 6% match
Generous professional development budget
Professional certification, training, and conference opportunities
Ample engineer hardware budget
Culture focused on health & wellness, diversity, equity, and inclusion

Security Innovation is hiring a Security Engineer