Summary
Join Aprio's Risk Advisory and Assurance Services team as a Software Security and Offensive Security Manager. Help clients maximize opportunities by developing this service line from the ground up. Contribute to cutting-edge initiatives in CMMC, FedRAMP, PCI SSF, and custom software security solutions. Work on diverse, high-impact projects and build a team. Access unparalleled professional development through training and certifications. Enjoy a collaborative culture with competitive salary, comprehensive benefits, and flexible work arrangements.
Requirements
- Experience with cloud infrastructure offensive security assessments (e.g., AWS, Azure, GCP), web application and API penetration testing, and traditional network penetration testing
- Experience with application and software security including performing static application security, dynamic application security, and memory forensic analysis
- Proficiency in developing assessment documentation and documenting the results of your work
- Familiarity with penetration testing and application requirements for common security compliance frameworks (e.g., FedRAMP, PCI DSS, PCI SSF)
- Minimum of 5 years' experience in penetration testing or a related cybersecurity role, with a focus on application/software, network, cloud infrastructure, web application, and API testing
- Hands-on experience with network penetration testing, including assessment of protocols (e.g., TCP/IP, DNS, VPN), firewalls, and intrusion detection/prevention systems
- Hands-on experience with cloud security testing in platforms such as AWS, Azure, or GCP, and their cloud native solutions
- Hands-on experience with web application penetration testing, covering OWASP Top 10 vulnerabilities (e.g., SQL injection, XSS, CSRF) and secure coding practices
- Hands-on experience with application security and tools used to perform source code, memory and runtime analysis (i.e., SAST, DAST and memory forensics analysis)
- Strong proficiency in API security testing, including REST, SOAP, and GraphQL, with experience in identifying issues like broken authentication, excessive data exposure, and injection flaws
- Familiarity with common penetration testing tools such as Burp Suite, Metasploit, Nmap, Nessus, Wireshark, and Kali Linux
- Experience with scripting languages (e.g., Python, Bash, PowerShell) for automating tests
- Understanding of secure development lifecycle (SDLC) and DevSecOps practices to integrate security into CI/CD pipelines
- Strong analytical and problem-solving skills, with the ability to think like an attacker and identify complex attack chains
- Excellent communication skills to articulate technical findings to both technical and non-technical stakeholders in verbal and written form
- This role requires you to maintain at least one industry certification related to cyber security including: CCNP, CISSP, CSSLP, GPEN, GCED, CEH, CHFI, or GCFA
Responsibilities
- Be part of a transformative growth journey!
- Contribute to cutting-edge initiatives as we expand into CMMC, FedRAMP, PCI SSF, and work around other high performers developing custom software security solutions, offering opportunities to tackle unique security challenges in high-stakes, regulated industries
- Work on diverse, high-impact projects across a number of teams and industries, and take on the opportunity to build a team around you over time
- Access unparalleled professional development through training, certifications, and hands-on experience with emerging technologies, ensuring you stay ahead in the rapidly evolving cybersecurity landscape
- Enjoy a collaborative, innovative culture with competitive salary, comprehensive benefits, and flexible work arrangements, fostering both personal and professional growth
Preferred Qualifications
- OSCP, OSWE, CRTP, and other certifications that require hands-on skills application to obtain are a huge plus
- PCI PA-DSS and PCI SSF experience
Benefits
- $120,000 - $140,000 a year
- Medical, Dental, and Vision Insurance on the first day of employment
- Flexible Spending Account and Dependent Care Account
- 401k with Profit Sharing
- 9+ holidays and discretionary time off structure
- Parental Leave – coverage for both primary and secondary caregivers
- Tuition Assistance Program and CPA support program with cash incentive upon completion
- Discretionary incentive compensation based on firm, group and individual performance
- Incentive compensation related to origination of new client sales
- Top rated wellness program
- Flexible working environment including remote and hybrid options