Expert Security Engineer (Cybersecurity)
Job description
TL;DR
Expert Security Engineer (Cybersecurity): Conducting advanced penetration testing and ethical hacking across applications, infrastructure, and cloud environments, with an emphasis on identifying design flaws and exploiting vulnerabilities. Focus on application security reviews for Java-based systems, implementing remediation strategies, and providing secure design consultation.
Location: Remote (Must be based in the US or Canada)
Salary: $100,000 - $120,000 USD
Company
delivers health IT solutions, including Sunrise, Paragon, and TouchWorks EHR, to support caregivers and elevate care delivery globally.
What you will do
- Lead and execute advanced penetration tests and ethical hacking engagements against critical systems, applications, and networks.
- Conduct in-depth security reviews of Java-based applications to uncover design flaws, coding vulnerabilities, and misconfigurations.
- Independently identify, analyze, and validate security vulnerabilities with high fidelity, demonstrating potential impact through exploitation.
- Articulate complex technical findings and actionable remediation strategies through written reports and presentations for technical and non-technical audiences.
- Provide expert consultation to development and operational units on secure design principles and security best practices.
- Maintain awareness of current security vulnerabilities and attack vectors to proactively communicate recommendations.
Requirements
- 5+ years of progressive experience in cybersecurity, with at least 3 years dedicated to ethical hacking, penetration testing, and application security.
- Must be based in the US or Canada.
- Proven expertise in network, web application, API, and cloud penetration testing (e.g., Microsoft Azure Security).
- Deep understanding of OWASP Top 10, SANS Top 25, and secure coding practices.
- Exceptional verbal and written communication skills for conveying security insights to internal stakeholders and customers.
- Experience with security technologies such as EDR, IDS/IPS, Firewalls, and SIEM from an attacker's perspective.
Nice to have
- Proficiency in scripting languages like Python or PowerShell for automation and custom tool development.
- Advanced offensive security certifications such as OSCP, OSWE, GPEN, or GWAPT.
- Industry-recognized certifications like CISSP, CompTIA Security+, or CySA+.
- Expert knowledge of Linux and Windows operating systems.
- Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related technical field.