Principal Security Engineer
What will you be responsible for?
- Lead penetration testing, vulnerability assessments, and threat modeling activities against internal and external systems, applications, and infrastructure.
- Define objectives and scope of penetration testing activities within an ethical and legal framework.
- Design and execute comprehensive test plans covering functional, non-functional, and security aspects.
- Develop and implement effective security testing methodologies and best practices, ensuring alignment with industry best practices and compliance requirements.
- Identify, prioritize, and report security vulnerabilities: Analyze discovered vulnerabilities, assess their impact, and recommend effective remediation strategies.
- Research and evaluate current vulnerabilities, and provide remediation and configuration guidance.
- Develop and maintain automated test scripts using various testing frameworks and tools.
- Collaborate with stakeholders to develop remediation strategies.
- Foster a culture of learning and development within the team by sharing expertise.
What will your work week look like?
- Implement frameworks like MITRE ATT&CK and PTES to design realistic attack scenarios and exploit complex vulnerabilities.
- Identify, log, and report security flaws effectively, providing detailed steps to reproduce.
- Conduct penetration tests against various systems and applications, including web applications, APIs, infrastructure, and cloud environments.
- Conduct post-exploitation activities and assess potential consequences to product owners and stakeholders.
- Prioritize vulnerabilities based on risk and recommend comprehensive remediation strategies.
- Prepare and present security reports and findings to management and stakeholders.
- Collaborate with developers, product owners, and stakeholders to communicate security findings and recommend remediation actions.
- Maintain accurate and up-to-date documentation of testing procedures, findings, and recommendations.
Who are we looking for?
- Bachelor’s degree in Computer Science, Information Security, or related field.
- 12+ years of experience in security testing, with at least 6 years of experience with Penetration Testing.
- Experience with industry-standard security testing tools and methodologies (e.g., Burp Suite, Metasploit, Kali Linux, OWASP, CWE, MITRE ATT&CK).
- Experience working with GitHub, CI/CD technology, shift-left tools, and application security workflow.
- Knowledge of relevant security standards and regulations (e.g., PCI DSS, HIPAA).
- Strong scripting and programming skills (e.g., Python).
- Experience with cloud security assessments (Azure).
- Experience with red teaming and social engineering techniques.
- Excellent communication, collaboration, and interpersonal skills.
- Ability to work independently and take ownership of projects.
- Additional certifications, such as CISSP, OSCP, or CEH, are a plus.