Remote Security Engineer I

Description:

• The Security Engineer I will work closely with other application security engineers to perform reviews and tests on various applications, including Web, Conventional, embedded, firmware, and mobile applications.
• The role involves using a combination of manual and automated techniques to assess risks and circumvent security mechanisms of devices and applications.
• The engineer will create threat models that lead to more secure application designs.
• Responsibilities include designing and developing security testing scenarios.
• The engineer will analyze and present testing results to team members, managers, and customers.
• Writing detailed problem reports, test plan documents, and mitigation recommendations is required as needed.
• The role includes developing tools to aid in penetration test automation and effectiveness.
• The engineer will review code for common security vulnerabilities.

Requirements:

• A Bachelor’s degree in Computer Science or a related field is required.
• Experience in conducting penetration tests for high-profile customers or products is necessary, along with experience in working in R&D teams on fast-paced, high-impact projects.
• The candidate must have experience in performing both low complexity and high complexity Web Application, Network, and Cloud Penetration testing in an enterprise environment.
• Experience in writing and reviewing technical reports on vulnerability findings is required.
• The candidate should have experience in communicating with clients about discovered vulnerabilities and participating in kick-off meetings.
• Experience in performing threat modeling and architecture and design reviews of Web, Network, and Cloud Services is necessary.
• The candidate must have experience in conducting static and dynamic code analysis and review for various programming languages such as Python, Java, and JavaScript.
• A working knowledge of common security testing tools like Burp Suite, GNU Debugger, Ghidra, IDA, and Ollydbg is required.
• Knowledge of common application security bugs, attack types, and mitigation strategies, as well as a solid understanding of networking fundamentals, is necessary.
• The candidate should have knowledge of reverse engineering techniques.
• Above-average knowledge of Windows and/or Linux and Unix variants is required.
• A willingness to share knowledge and provide mentorship to others is essential.
• A solid understanding of system-level design, including memory allocation, assembly language, process control, and concurrent programming, is necessary.
• Experience in developing tools to automate the penetration testing process is required.
• Participation in Capture-the-Flag events and training on security platforms such as Hack the Box and Root Me is preferred.
• Knowledge of cloud infrastructure and performing cloud configuration reviews is necessary.
• The ability to conduct research on a technical topic and deliver presentations for a technical audience is required.
• Participation in security-related events such as Hacking Conferences, Bootcamps, and Meetups, along with contributions to the Security Community, is preferred.

Benefits:

• The position offers a competitive salary and an equitable salary structure.
• Flexible work-from-home and remote options are available.
• Employees receive unlimited paid time off, mental health days, and 12+ company holidays.
• Comprehensive health, dental, and vision insurance options are provided.
• Flex Spending and HSA options are available.
• A 401k plan with immediate vesting and up to a 6% match is offered.
• There is a generous professional development budget for employees.
• Opportunities for professional certification, training, and conference attendance are provided.
• An ample engineer hardware budget is available.
• The company culture focuses on health & wellness, diversity, equity, and inclusion.