Please submit resumes via e-mail only: . Must reference “Code 98101” in e-mail subject line.
Telecommuting permitted, can perform duties anywhere in US. Multiple openings.
Duties:- Work closely with other application security engineers to perform reviews and tests on Web and Conventional applications as well as embedded, firmware, mobile, and more.
- Perform in-depth security assessment of crypto configurations.
- Ensure the cryptographic implementations provide data integrity, confidentiality, and non-repudiation.
- Use a combination of manual and automated techniques to assess risks and circumvent security mechanisms of devices and applications.
- Create threat models that result in more secure application design.
- Design and develop security testing scenarios.
- Perform cloud configuration audits and cloud design reviews.
- Analyze and present results of testing to team members, managers, and customers.
- Write detailed problem reports, test plan documents, and mitigation recommendations as needed.
- Develop tools to aid penetration test automation and effectiveness.
- Review code for common security vulnerabilities.
- Possible travel to client sites to conduct in-person security reviews and assessments (travel is very limited, up to 2 to 3 times a year at most for up to 5 business days).
- Education: Master’s degree in Information Security, Computer Science or related field.
- Experience in conducting penetration tests for high profile customers or products.
- Experience working in R&D teams on fast paced, and high impact projects.
- Experience in writing and reviewing technical reports on vulnerabilities findings.
- Experience in communicating with clients about discovered vulnerabilities and participated in kick-off meetings.
- Knowledge of common application security bugs, attack types, and mitigation strategies.
- Knowledge of reverse engineering techniques.
- Knowledge of creating cyber risk and threat modeling.
- Knowledge of applied and theoretical cryptography.
- Basic knowledge of Post-quantum Cryptography and NIST Post-quantum Cryptography Standardization.
- Solid understanding of networking fundamentals.
- Solid understanding of system-level design such as memory allocation, assembly language, process control, and concurrent programming.
- Knowledge of cloud infrastructure and performing cloud configuration reviews.
- Demonstrate an ability to code in one or more languages.
- Basic understanding of Mobile security testing tools.
- Knowledge of reverse engineering malwares including unpacking and bypassing obfuscation and conducting forensic analysis.
- Working knowledge of common security testing tools like Burp Suite, GNU Debugger, Ghidra, IDA, Ollydbg.
- Ability to conduct research on a technical topic and deliver presentations for a technical audience.
- Demonstrate strong interpersonal and communication skills.
$114,000 - $124,000 a year
Security Innovation is proud to offer the following:
• Competitive salary and equitable salary structure
• Flexible work from home and remote options
• Unlimited paid time off, mental health days, and 12+ company holidays
• Comprehensive Health, Dental, and Vision insurance options
• Flex Spending and HSA options
• 401k with immediate vesting and up to 6% match
• Generous professional development budget
• Professional certification, training, and conference opportunities
• Ample engineer hardware budget
• Culture focused on health & wellness, diversity, equity, and inclusion
Security Innovation, Inc., 187 Ballardvale St, Ste A195, Wilmington, MA 01887.
#J-18808-Ljbffr