The Security Engineer (Penetration Testing & Application Security) will significantly contribute to Certus Cybersecurity's success by integrating security into the software development lifecycle of the company's enterprise clients. You will help enterprise clients secure their products through the development, design, and testing phases. You will be a trusted advisor to product development teams on defense and remediation, executing architectural reviews, security code reviews, penetration testing, and crafting fixes for security defects impacting legacy and emerging technologies.
This position reports to a Senior Security Engineer or Principal Security Engineer and collaborates with a cross-functional team of experienced security consultants. Extensive penetration testing experience and capability are required for this role. Your working knowledge of current threats and countermeasures encountered in application security, paired with support from other experts at Certus Cybersecurity, will enable you to assist the company's clients in assessing and remediating a diverse range of security issues.
Required Qualifications:
• Strong understanding, experience, and expert-level knowledge of Architecture Review, Application and Systems Threat Modeling, Code Review, and particularly Penetration Testing.
• In-depth knowledge of testing methodologies and when to creatively deviate from structured processes.
• Deep understanding of a broad range of application security issues as well as their mitigation strategies.
• Understanding of complex vulnerabilities, including cryptographic implementations and protection mechanism bypasses.
• Experience reviewing source code written in a broad range of programming languages.
• Proficiency in Information Security tools and an ability to write code to solve problems during testing.
• Understanding of reverse engineering concepts and tools involved, such as debuggers, disassemblers, and operating system monitoring utilities.
• Verbal communication skills, including the ability to articulate thoughts clearly and distill complex problems into digestible information that can be consumed by anyone, from technical resources to the highest level of management.
• Personal drive and passion to continue growing not only yourself but also the Product and Application Security practice.
• Working knowledge of modern web service hosting technologies, development languages, and frameworks.
• The ability to kick off and conduct research projects is strongly preferred.
• Excellent written and verbal communication skills.
Preferred Qualifications:
• Experience in independently executing or leading application security assessments.
• Experience with penetration testing for thick clients, mobile, IoT devices, and backend services.
• Reverse-engineering experience (IDA Pro, Java/.NET disassembly, process monitoring, etc.).
• Experience building or supporting an organization's software security program.
• Experience quickly learning and using new technologies and frameworks, implementing them in your work, and training others to use them.
• Relevant security certifications.
• Bachelor's, Master's, or above in Computer Science or related field.
Certus Cybersecurity is an Equal Opportunity Employer of Minorities, Females, Protected Veterans, and Individuals with Disabilities.