Enterprise Security Engineer (Pen Testing)

TL;DR

Enterprise Security Engineer (Pen Testing): Performing full stack security assessments across diverse environments, including web applications, operating systems, network infrastructure, and cloud platforms with an accent on threat modeling and mitigation techniques. Focus on developing automated processes and collaborating with engineering teams to drive secure development lifecycle solutions.

Location: San Francisco or Bellevue, CA

Company

Enterprise Security secures our enterprise environment that serves our rapidly growing workforce!

What you will do

• Perform full stack security assessments across web applications, operating systems, network infrastructure, and cloud platforms.
• Threat model common attacker methods to develop appropriate mitigation techniques.
• Develop automated processes and support improvement of tooling to identify and solve problems at scale.
• Collaborate with engineering teams and business partners to drive solutions through a secure development lifecycle.
• Define and develop technical security standards and guidelines with business partners.
• Research new technologies, emerging threats, and vulnerabilities for strategic planning and process improvements.

Requirements

• 2-4 years of experience in a security role with a focus on application and network security, penetration testing, or threat modeling.
• Knowledge of network security models, application security, and exploit mitigation techniques.
• Hands-on experience performing security assessments with tools such as BurpSuite, Nexpose, Nessus, Metasploit, and Nmap.
• Experience performing manual and tool-assisted code reviews (Java, JavaScript, Python, and other languages).
• Experience designing solutions and/or performing security assessments in cloud environments (AWS, Azure, Google Cloud).
• Excellent communication skills and the ability to collaborate effectively with diverse stakeholders.

Nice to have

• Confirmed scripting experience in Bash, PowerShell, Python, Java, or JavaScript / NodeJS.
• Security certification such as OSCP, OSEP, GCIH, GCIA, GPEN, GWAPT, GMOB, GPPA, CCNP, CCNP Security, or CCIE Security.
• Knowledge of development and security practices on the Salesforce platform, hirify.global, Slack, Mulesoft, and/or Tableau.

Culture & Benefits

• Be part of a team that is dedicated to making a positive impact on the world.
• Advance your career in a dynamic and innovative environment.