We're looking for experienced candidates who are knowledgeable in application security and software vulnerabilities. We don't expect our candidates to know everything, but we do expect them to take on new challenges and not be afraid to fail. Successful candidates are passionate about information security and willing to learn new things. This position is remote, but we do have offices in Seattle, WA & Wilmington, MA. Our Services team works with a global client base of technology vendors and enterprise IT organizations.

Responsibilities: Hack all the things. Okay, seriously, here is some HR Roles and Responsibilities content regarding what you will do on a daily basis:
• Work closely with other Application Security Engineers to perform reviews and tests on web and conventional applications as well as embedded, firmware, mobile, and more
• Use a combination of manual and automated techniques to assess risks and circumvent security mechanisms of devices and applications
• Create threat models that result in more secure application design
• Design and develop security testing scenarios
• Analyze and present results of testing to team members, managers, and customers
• Write detailed problem reports, test plan documents, and mitigation recommendations as needed
• Develop tools to aid penetration test automation and effectiveness
• Review code for common security vulnerabilities

Experience: Demonstrating your skills to us in our hacking challenge is more important than your resume, but a strong resume for this position includes:
• Penetration Testing and Ethical Hacking
• Dynamic and/or Static Code Analysis
• Software Development
• Technical security research

Must Haves: What we expect of our applicants:
• Knowledge of common application security bugs, attack types, and mitigation strategies
• B.S. in Computer Science, related degree, or equivalent experience
• Deep understanding of networking fundamentals
• Experience conducting security assessments across web, network, and API targets
• Strong familiarity with cloud technologies like AWS, Azure, or GCP
• Subject matter expert in one of our core domains such as web, mobile, IoT, applied crypto, etc.
• Demonstrate an ability to code in one or more languages
• Above average knowledge of Windows and/or Linux and Unix variants
• Willingness to learn new technologies
• Strong written and verbal communication skills
• Understanding of application design, development, and testing techniques
• Working knowledge of common security testing tools like Burp Suite, SQLMap, Metasploit, Ghidra, IDA, etc.
• Interest in or previous experience completing security related research

Nice To Haves: These skills are not required, but if you have any of them, you are likely a good candidate for the position:
• Completed OSCP, OSWE, or a similar security certification
• Involved in Bug Bounty programs
• Participated in Capture the Flag events
• Experience with embedded, firmware, and/or IoT technologies
• Experience with applied cryptography and/or blockchain
• Previous consulting experience
• Detail-oriented and dependable

$162,000 - $166,000 a year

Benefits and Perks: Security Innovation is proud to offer the following:
• Competitive salary and equitable salary structure
• Flexible work from home and remote options
• Unlimited paid time off, mental health days, and 12+ company holidays
• Comprehensive Health, Dental, and Vision insurance options
• Flex Spending and HSA options
• 401k with immediate vesting and up to 6% match
• Generous professional development budget
• Professional certification, training, and conference opportunities
• Ample engineer hardware budget
• Culture focused on health & wellness, diversity, equity, and inclusion