Bishop Fox is the leading authority in offensive security, providing solutions ranging from continuous penetration testing, red teaming, and attack surface management to product, cloud, and application security assessments. We’ve worked with more than a quarter of the Fortune 100, half of the Fortune 10, eight of the top 10 global technology companies, and all of the top global media companies. Our Cosmos platform was named Best Emerging Technology in the 2021 SC Media Awards and our offerings are consistently ranked as “world class” in customer experience surveys. For more than 16 years, we've been contributing and giving back to the security community. We’ve published more than 16 open source tools and 50 security advisories in the last five years alone. Learn more at bishopfox.com or follow us on Twitter.
We’re looking for a talented, experienced professional penetration tester with a knack for secure application development and a passion for threat modeling.
Who You Are and What You’ll Do
With Bishop Fox, you'll use multidisciplinary expertise in application security and secure development to guide a variety of technical engagements to help our clients build more secure applications. Your responsibilities would include partnering with our clients to help them “shift left” by consulting on secure application design and assessing the security of the architecture of their applications and services. You’ll be a trusted advisor who can lead our clients through architecture security assessments and threat modeling exercises as well as secure code review.
You’ll work on a variety of projects which include short-term engagements and extended program work with established clients; you'll solve challenging technical problems and build creative solutions. As a trusted advisor, you’ll provide your expert opinion to help our clients navigate difficult business decisions.
Why Bishop Fox
Bishop Fox offers a competitive salary, generous benefits, flexible schedules, and negotiable travel. If you’re looking for opportunities to grow professionally, this is the place. You’ll work alongside some of the most talented and experienced security consultants in the industry. We have a casual workplace environment, but we’re consummate professionals.
Your Education and Experience
You just have to be good at and, most importantly, love what you do. Don’t worry about a piece of paper; we won’t. Here’s a list of qualities we’re looking for:
- Deep knowledge of application security vulnerabilities at both an architectural and implementation level
- Understanding of modern application architectures and design patterns
- Demonstrated experience performing architecture security reviews and threat modeling of web applications
- Experience with DevSecOps, cloud security, microservices, container security and CI/CD engineering is a plus
- Deep familiarity with the OWASP Application Security Verification Standard (ASVS)
- Experience in multiple secure SDLC disciplines including secure code reviews, static/dynamic code analysis and vulnerability assessments/penetration testing
- Familiarity with dynamic and static application security testing tools
- Proficiency with performing secure code reviews in multiple programming languages, including C++, C#, Java, Python, Go and/or Ruby
- Excellent analysis and problem-solving skills and experience developing and refining processes and methodologies
- Desire to contribute to thought leadership in application security and secure design through presentations and blogs
- Effective communication skills: verbal, written and presentation
- BS or MS in Computer Science or similar technical discipline preferred
- Certifications such as CISSP, CSSLP, GWAPT, GWEB strongly preferred
Bishop Fox has always offered its employees the ability to work remotely, and for this role you could work remotely anywhere in the United States.
Interested? Apply today.
All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, or veteran status.