Senior Security Engineer

We are seeking an experienced and highly skilled Senior Security Engineer with over 5 years of experience in penetration testing and vulnerability management. This role requires deep expertise in identifying, assessing, and mitigating security vulnerabilities across various platforms and systems. The successful candidate will lead security assessments and collaborate closely with cross-functional teams to ensure our organization's security posture is robust. In addition, strong programming skills are essential to automate and streamline testing processes. Knowledge of OWASP, SANS25, CVE, and MITRE frameworks is crucial for this role.

This is an excellent opportunity for a seasoned security professional to make a significant impact on our organization's security posture by leading and enhancing our penetration testing and vulnerability management efforts. If you are passionate about cybersecurity and possess the required skills and experience, we encourage you to apply.

Responsibilities

• Conduct hands-on penetration testing of Generative AI applications and integrations, web applications, mobile applications, cloud environments, and Thick Client application ecosystems to identify vulnerabilities.
• Lead and manage the penetration testing and vulnerability management program, ensuring thorough planning, execution, and reporting.
• Validate identified vulnerabilities by removing false positives and develop remediation plans in conjunction with relevant teams.
• Utilize knowledge of OWASP Web, LLM and Mobile Top 10, SANS Top 25, CVE, and MITRE ATT&CK frameworks to guide security assessments and threat modeling.
• Work with the product development team and follow up on the security defects.
• Automate penetration testing processes, including onboarding, scanning, and reporting using available toolsets and scripting languages (e.g., Python, Perl, Bash).
• Automate the vulnerability management process and day-to-day tasks.
• Interface with executive leadership and technical staff to communicate findings, strategies, and remediation plans effectively.
• Develop and maintain penetration testing and vulnerability assessment methodologies, procedures, and tools.
• Stay current with the latest security threats, vulnerabilities, and trends, and integrate this knowledge into testing procedures and methodologies.
• Conduct security assessments for third-party vendors and suppliers to ensure compliance with security standards and policies.
• Prepare comprehensive reports and presentations that convey complex security findings to both technical and non-technical stakeholders.
• Collaborate with various teams within the organization, including Product Development, Blue Team, Security Engineering, and Vulnerability Management, to ensure comprehensive security coverage.
• Procure, develop, and maintain an inventory of security tools needed for various operations.
• Identify, collect, and report metrics related to the program's progress, operations, and findings.
• Research and assess new threats and vulnerabilities, providing informed recommendations for mitigating risks.