Application Security Pen Tester (Security Engineer)
Long-Term Contract
Anywhere, US (100% Remote)

Job Description:

Summary:
Our client is seeking a strong Security Engineer with AppSec pentesting expertise specifically, must be hands-on
Should have IAST, SAST, DAST tools expertise too
This person will need to be adept to the latest OWASP Top 10 vulnerabilities and other advanced issues like Server Side Request Forgery (SSRF), Domain Takeover, and must be able to very clearly articulate security risks to application teams across our clients organization and then help them in remediation of any security issues
The main function of a Security Engineer is to plan, coordinate, and implement security measures for information systems to regulate access to computer data files and prevent unauthorized modification, destruction, or disclosure of information

Job Responsibilities:

• Identify security issues and risks, and develop mitigation plans.
• Design, implement, support, and evaluate security-focused tools and services, including project leadership roles.
• Develop and interpret security policies and procedures.
• Participate in security compliance efforts.
• Develop and deliver training materials and perform general security awareness and specific security technology training.
• Evaluate and recommend new and emerging security products and technologies.
• Conduct hands-on application penetration testing.
• Clearly articulate security risks to application teams and assist in remediation of security issues.

• Bachelor's degree in a technical field such as computer science, computer engineering, or related field required.
• 6-8+ years of experience in security engineering, system and network security, authentication and security protocols, cryptography, and application security.
• Strong experience and detailed technical knowledge in security engineering.
• Consistent implementation of security solutions.
• Experience in infrastructure or application-level vulnerability testing and auditing.
• In-depth knowledge of OWASP Top 10 and other advanced application security issues such as SSRF, Domain takeover, etc.
• Experience with SAST, DAST, IAST tools.
• AWS experience is a plus.
• Certifications such as GWAPT and Portswigger Academy are a plus.

• This position is with our client and is a contract role.
• Hands-on application penetration testing is required.