Security Engineer

We’re looking for a Security Engineer experienced in application security and software vulnerabilities to join our Services team. You are passionate about information security, willing to learn new things, able to collaborate with others, and are productive working independently in a remote environment. With US offices in Seattle, WA & Wilmington, MA, our Services security team serves a global client base of technology vendors and enterprise IT organizations.

Full-Time, Remote

Responsibilities:

• Work closely with other Application Security Engineers to perform reviews and tests on web and conventional applications as well as embedded, firmware, mobile, and more.
• Use a combination of manual and automated techniques to assess risks and circumvent security mechanisms of devices and applications.
• Create threat models that result in more secure application design.
• Design and develop security testing scenarios.
• Analyze and present results of testing to team members, managers, and customers.
• Write detailed problem reports, test plan documents, and mitigation recommendations as needed.
• Develop tools to aid penetration test automation and effectiveness.
• Review code for common security vulnerabilities.
• Possible travel to client sites to conduct in-person security reviews and assessments

Experience:

• Demonstrating your skills to us our hacking challenge is more important than your resume, but a strong resume for this position includes:
• Penetration Testing and Ethical Hacking
• Dynamic and/or Static Code Analysis
• Software Development
• Interest in conducting Security Research

Must Haves:

• Knowledge of common application security bugs, attack types, and mitigation strategies
• Solid understanding of networking fundamentals
• Demonstrate an ability to code in one or more language
• Above average knowledge of Windows and/or Linux and Unix variants
• Willingness to learn new technologies
• Strong written and verbal communication skills
• B.S. in Computer Science, related degree, or equivalent experience

Nice to Haves:

• Completed OSCP, OSWE, or a similar security certification
• Understanding of application design, development, and testing techniques
• Involved in Bug Bounty programs
• Participated in Capture the Flag events
• Working knowledge of common security testing tools like Burp Suite, SQLMap, Metasploit, Ghidra, IDA, etc.
• Experience with embedded, firmware, and/or IoT technologies
• Experience with applied cryptography and/or blockchain
• Detail-oriented and dependable

Security Innovation is proud to offer the following:

 • Competitive salary and equitable salary structure

 • Flexible work from home and remote options

 • Unlimited paid time off, mental health days, and 12+ company holidays

 • Comprehensive Health, Dental, and Vision insurance options

 • Flex Spending and HSA options

 • 401k with immediate vesting and up to 6% match

 • Generous professional development budget

 • Professional certification, training, and conference opportunities

 • Ample engineer hardware budget

 • Culture focused on health & wellness, diversity, equity, and inclusion