• Perform red teaming against applications and APIs.
• Perform application threat hunting to evaluate risk to applications.
• Perform manual (non-automated) security testing of applications.
• Provide the vulnerability information in the predefined report format after performing the testing using manual methodology and tools
• Generate reports on assessment findings and summarizes to facilitate remediation, document technical issues identified during security assessments
• Be a subject matter expert and respond to any security engineering questions/ requests related to Application Defense enhancements
• Collaborate with Security Architects, Product Manager, Risk Managers, and other teams to deliver high quality product.
• ** Note: Responsibilities of this role are not limited to the details above**

Required Qualifications:

• Minimum of 6 years of related experience
• Bachelor’s Degree and/or equivalent experience

​

Preferred Qualifications:

• Minimum of 6 years of experience in application security testing
• Minimum of 4 years of experience in conducting red teaming engagements
• Minimum of 4 years of experience in application security testing tools such as Burp Suite Professional & Owasp Zap
• Ability to test manually and “live off of the land strategies”
• Ability to explain vulnerabilities and weaknesses in OWASP Top 10 and SANS Top 25 to any audience and discuss effective defensive techniques
• Understanding of MITRE Framework and adversarial methodologies
• Ability to bypass controls and/or test countermeasures for misconfigurations
• Ability to work under pressure, multitask and be flexible
• Certified in OSCP or GWAPT or related offensive security/red teaming certification
• This is not a penetration testing role. It goes beyond the scope of a traditional pen test

This role is Contract to Hire!

​

Notes from Hiring Manager:

Must have a good background in testing applications (I'm not looking for a know-it-all). Just a honest resume that reflects experience in application security testing and some red teaming. The ideal candidate would be someone who has been in application security for the last 5-6 years consistently, (I don't require certifications), someone who knows how to test manually applications and not just vulnerability scanning because we already have a team that performs that function), someone who has enjoyed Capture The Flags and loves to tinker in applications; anything else would be a bonus