Description:

We are seeking experienced candidates knowledgeable in application security and software vulnerabilities.
Candidates should be willing to take on new challenges and not be afraid to fail.
Successful candidates are passionate about information security and eager to learn.
This position is remote, with offices located in Seattle, WA and Wilmington, MA.
The Services team collaborates with a global client base of technology vendors and enterprise IT organizations.
Responsibilities include working closely with other Application Security Engineers to perform reviews and tests on various applications, including web, embedded, firmware, and mobile.
Candidates will use both manual and automated techniques to assess risks and circumvent security mechanisms.
They will create threat models to enhance application design security.
Designing and developing security testing scenarios is a key responsibility.
Analyzing and presenting testing results to team members, managers, and customers is required.
Writing detailed problem reports, test plan documents, and mitigation recommendations is necessary.
Developing tools to aid penetration test automation and effectiveness is expected.
Reviewing code for common security vulnerabilities is part of the role.

Requirements:

Candidates must demonstrate skills through a hacking challenge rather than relying solely on their resume.
A strong resume should include experience in Penetration Testing and Ethical Hacking, Dynamic and/or Static Code Analysis, Software Development, and Technical security research.
Knowledge of common application security bugs, attack types, and mitigation strategies is essential.
A B.S. in Computer Science, a related degree, or equivalent experience is required.
A deep understanding of networking fundamentals is necessary.
Experience conducting security assessments across web, network, and API targets is expected.
Strong familiarity with cloud technologies such as AWS, Azure, or GCP is required.
Candidates should be a subject matter expert in one of the core domains like web, mobile, IoT, or applied cryptography.
Demonstrating the ability to code in one or more programming languages is necessary.
Above average knowledge of Windows and/or Linux and Unix variants is required.
A willingness to learn new technologies is essential.
Strong written and verbal communication skills are necessary.
Understanding of application design, development, and testing techniques is required.
Working knowledge of common security testing tools like Burp Suite, SQLMap, Metasploit, Ghidra, and IDA is expected.
An interest in or previous experience in security-related research is preferred.

Security Innovation offers a competitive salary and equitable salary structure.
Flexible work-from-home and remote options are available.
Employees enjoy unlimited paid time off, mental health days, and 12+ company holidays.
Comprehensive Health, Dental, and Vision insurance options are provided.
Flex Spending and HSA options are available.
A 401k plan with immediate vesting and up to a 6% match is offered.
A generous professional development budget is provided.
Opportunities for professional certification, training, and conference attendance are available.
An ample engineer hardware budget is included.
The company culture focuses on health & wellness, diversity, equity, and inclusion.