Security Engineer & Pentester
Open to residents of Western US except CA and CO
Our client provides penetration testing, vulnerability assessments and cyber risk management services to enterprise clients in the Pacific Northwest and throughout the United States. Their team of professionals consistently delivers deep technical services, helping clients solve their toughest security problems. With a growing array of projects, they are seeking an outstanding Security Engineer to serve the needs of their valued clients.
In addition to providing challenging and rewarding work, our client provides team members with a flexible, remote work lifestyle and a culture that rewards excellence. The team is comprised of seasoned professionals who love their craft and enjoy the camaraderie that comes from being part of a high-performing team.
The Security Engineer plays a key role on the team, performing penetration testing and vulnerability assessment work on, and within, client environments. The Security Engineer conducts formal tests on a variety of applications, networks, servers, databases, and other technology components to measure an organization's potential susceptibility to compromise. This work often involves innovative thinking to discover vulnerabilities and craft creative exploits not previously considered.
In addition to strong technical skills, the successful candidate for this role must have strong interpersonal skills and be able to communicate complex security topics to technical and leadership teams within client organizations. Key success factors include an eagerness to stay current on the latest vulnerabilities and technology trends, the ability to develop proofs of concept that accurately and effectively demonstrate vulnerabilities discovered, and the ability to communicate detailed technical findings and recommendations clearly both in person and in written form.
Duties and Opportunities:
· Application Security
o Automated Testing using current and new tools
o Manual Testing
o Source Code review
· Architecture Review
o Threat Modeling
o Cloud / Container Deployment Scenarios
o Full Stack
· Mobile Application Testing
o iOS
o Android
· Network Penetration Testing
o Internal and External
o Automated Vulnerability Detection
o Manual Exploitation and Escalation
o Goal-oriented Methodology
· Perform application and infrastructure penetration tests & vulnerability assessments
· Craft and deploy social engineering/phishing assessments
· Perform security reviews of application designs, source code, and deployments as required, covering all types of applications (web application, web services, mobile applications, thick client applications, SaaS)
· Review and define requirements for information security improvements
· Conduct architecture security reviews, application testing, internal vulnerability assessments and external penetration testing modeled after real world attackers (i.e., exploit and pivot)
· Conduct security architecture reviews of the full stack, including applications built on cloud and emerging technologies such as mobile devices
· Conduct manual application security testing and source code auditing for a variety of technologies
· Provide clear, accurate, informative and detailed finding descriptions and remediation guidelines for developers, technical staff, and organizational leaders within Summit client organizations
· Contribute toward the continuous improvement of Summit's security services, including the continuous enhancement of existing testing methodologies, materials, and supporting assets
· Support Summit sales and client engagement efforts by gathering client infrastructure or application details, drafting statements of work, and serving in a pre-sales security engineering capacity
· Other responsibilities include:
o Performing security research on the latest best practices, trends, threats and vulnerabilities, technology frameworks, testing methodology and tools
o Documenting and disseminating security guidelines for common security issues, remediation guidance, and security technology baselines
o Developing custom tools and exploits to support security review and/or penetration testing
o Drafting high-quality articles, white papers, and client-facing communications in an academically rigorous manner
· Other duties as assigned
Key Qualifications:
· Experience manually testing applications (web, client server, cloud, etc.)
· Enterprise level penetration testing including both internal and external environments
· Experience with a variety of scripting, programming, and markup languages, such as Python, C, C++, Java, PHP, SQL, Scheme, ML, HTML/XHTML, UNIX shell scripting, JavaScript, CSS, Ruby, XML, XSLT, Perl, Lisp, .NET (C#/ASP), Assembly (RISC/CISC), etc.
· Deployment/DevOps technologies such as Visual Studio, Git, Kubernetes, Docker, Puppet, Chef
· Proficiency in Windows, Linux, and common IT systems, technologies and toolsets
· Ability to explain networking concepts (Routing, ACL, Load Balancers, Firewalls, VPNs, SSL/TLS, TCP) in order to assess and provide application architecture feedback to clients
· Background in web application development and/or code testing strongly preferred
· Strong verbal, written, and in-person communication and presentation skills
· Passion for discovering and researching new vulnerabilities and exploitation techniques
· Application development background and security knowledge - examples of languages include C, C#, C++, Java, J2EE, .NET
· Vulnerability and threat management experience
· Experience with various security tools and products (Fortify, AppScan, Metasploit, SAINT, Nessus, nmap, Wireshark, Burp Proxy, NeXpose, Snort, etc.)
· Good understanding of the components of a secure DLC/SDLC
· Vulnerability analysis, debugging, and reverse engineering skills
· Understanding of cryptography principles as they apply to data confidentiality and data integrity and source code level identification of cryptography misuse.
· Ability to adapt to client needs and quickly learn new technologies
· Desire to perfect your craft and become an expert in the field of technical security assessments and penetration tests
· Desire to be part of, learn from, and make significant contributions to, a high-performance team of information security professionals
· Reliability; provide dependable and accurate work product, follow-through, and communication, both internally and to clients
· Drive and initiative to tackle new tasks and see them through to completion
· Receptive and teachable for training on new skills, content, and technology. Able to effectively train others in same and related skills and modalities.
· Ability to work effectively in a remote/virtual office environment and at client locations as needed
· Ability to travel approximately 10% of the time as needed
Education & Experience
· BS in Computer Engineering or Computer Science with specialization in Information Security; Master's degree preferred.
· At least three years of hands-on information security experience in large, enterprise environments.
Senior Security Engineer
All of the above plus:
· At least two additional years of hands-on information security penetration testing experience in large, enterprise environments.
· Expert level proficiency in the Key Qualifications noted above.
· Demonstrated success managing security assessment engagements from pre-sales client contact through final report deliverable and knowledge transfer.
· Demonstrated ability to take an academically rigorous approach to solving clients' unique security challenges.
Benefits:
Our client values their employees' time and efforts. Their commitment to your success is enhanced by their competitive compensation and an extensive benefits package, including generous PTO and 401(k) plans.
Plus, they work to maintain the best possible environment for their employees, where people can learn and grow with the company. They strive to provide a collaborative environment where each person feels encouraged to contribute to their processes, decisions, planning and culture.
Our client is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.