Company hidden
1 day ago

Security Engineer (Pentesting, Incident Response & Investigations) (Cybersecurity)

Work format: onsite
Employment type: fulltime
English: c1
Country: US
Listing from Hirify Global, a list of international tech companies

Job description


TL;DR

Security Engineer (Pentesting, Incident Response & Investigations) (Cybersecurity): Perform manual and automated penetration testing, security assessments of AI/ML features, incident response, and investigations across web applications, APIs, and cloud systems, with an emphasis on prompt injection risks, data leakage, adversarial attacks, and emerging threats. Focus on threat modeling, root cause analysis, remediation collaboration, and playbook improvements to enhance overall security posture.

Location: Primarily office-environment work (no specific location or remote options mentioned)

Company

hirify.global pioneers Customer Experience Automation (CXA) with AI-first solutions for contact centers, recognized as a leader in Gartner Magic Quadrant for CCaaS.

What you will do

  • Perform manual and automated penetration testing of web apps, APIs, cloud systems, and AI/ML models.
  • Conduct security assessments focusing on AI risks like prompt injection, data leakage, and adversarial attacks.
  • Lead incident response including detection, containment, eradication, and post-incident reviews.
  • Analyze logs, telemetry, and forensic artifacts for investigations and threat hunting.
  • Triage, validate, and prioritize pentest findings; collaborate with engineering on remediations.
  • Perform threat modeling (STRIDE) and research emerging threats in the AI landscape.

Requirements

  • Fluent in English (written and spoken)
  • Strong knowledge of application/systems security, web technologies, networking, attack vectors.
  • Practical pentesting experience with tools/techniques; OWASP Top 10 for LLMs and AI patterns.
  • Experience in security investigations, incident response, log analysis.
  • Understanding of cryptography, Linux/Unix proficiency.
  • Scripting/coding in Python/Ruby/Java; excellent communication and analytical skills.
  • Comfortable in fast-paced, high-pressure situations.

Nice to have

  • Cloud-native testing (AWS), microservices/API security.
  • Web/mobile app security, DAST/SAST/IAST tools.
  • App architecture reviews, security standards (ISO 27001, NIST).
  • Certifications: OSCP, OSWE, GSEC, GCIA, CISSP, CISM.
  • Familiarity with Git, Ruby, Kotlin, RabbitMQ, Redis, MongoDB, PostgreSQL.

Culture & Benefits

  • Inclusive, diverse culture emphasizing respect, curiosity, continuous learning.
  • Agile, collaborative practices with peer reviews and autonomous teams.
  • Micro-service architecture; global team focused on customer-obsessed innovation.
  • Volunteering, non-profit support, minimizing global footprint.
  • Empowerment for impact with stability of global leader and agility of disruptor.
