Security Innovation is hiring a
Senior Security Engineer

Summary

The job is for an Application Security Engineer who will work remotely or at offices in Seattle, WA & Wilmington, MA. The role involves conducting security assessments, creating threat models, designing and developing security testing scenarios, and reviewing code for common security vulnerabilities. The ideal candidate should have knowledge of application security bugs, attack types, and mitigation strategies, a B.S. in Computer Science or equivalent experience, strong communication skills, and familiarity with common security testing tools.

Requirements

• Knowledge of common application security bugs, attack types, and mitigation strategies
• B.S. in Computer Science, related degree, or equivalent experience
• Deep understanding of networking fundamentals
• Experience conducting security assessments across web, network, and API targets
• Strong familiarity with cloud technologies like AWS, Azure, or GCP
• Subject matter expert in one of our core domains such as web, mobile, IoT, applied crypto, etc
• Demonstrate an ability to code in one or more language
• Above average knowledge of Windows and/or Linux and Unix variants
• Willingness to learn new technologies
• Strong written and verbal communication skills
• Understanding of application design, development, and testing techniques
• Working knowledge of common security testing tools like Burp Suite, SQLMap, Metasploit, Ghidra, IDA, etc

Responsibilities

• Work closely with other Application Security Engineers to perform reviews and tests on web and conventional applications as well as embedded, firmware, mobile, and more
• Use a combination of manual and automated techniques to assess risks and circumvent security mechanisms of devices and applications
• Create threat models that result in more secure application design
• Design and develop security testing scenarios
• Analyze and present results of testing to team members, managers, and customers
• Write detailed problem reports, test plan documents, and mitigation recommendations as needed
• Develop tools to aid penetration test automation and effectiveness
• Review code for common security vulnerabilities

Preferred Qualifications

• Completed OSCP, OSWE, or a similar security certification
• Involved in Bug Bounty programs
• Participated in Capture the Flag events
• Experience with embedded, firmware, and/or IoT technologies
• Experience with applied cryptography and/or blockchain
• Previous consulting experience
• Detail-oriented and dependable

Benefits

• Competitive salary and equitable salary structure
• Flexible work from home and remote options
• Unlimited paid time off, mental health days, and 12+ company holidays
• Comprehensive Health, Dental, and Vision insurance options
• Flex Spending and HSA options
• 401k with immediate vesting and up to 6% match
• Generous professional development budget
• Professional certification, training, and conference opportunities
• Ample engineer hardware budget
• Culture focused on health & wellness, diversity, equity, and inclusion