Lead Offensive Security Specialist

Since its founding in 2018, Client has rapidly grown by acquisition and consists of dozens of technology companies across multiple industries. Client is seeking an offensive security professional that can help subsidiary companies (Business Units) identify vulnerabilities within software and infrastructure, while building and executing a scalable secure software development program.

Required Experience:

6+ Years

Job Locations:

Remote

Location Restrictions:

Remote

Basic Qualifications and
  • Action Oriented & Drive for Results: Enjoys working hard; is action oriented and full of energy for the things seen as challenging; not fearful of action with a minimum of planning; seizes opportunity to drive business objectives forward. Can be counted on to meet or exceed goals successfully; is consistent in performance and strives to be a top performer; very bottom line oriented; steadfastly pushes self and others for results. Uses rigorous logic and methods to solve difficult problems with effective solutions; probes all fruitful sources for answers; can see hidden problems; is excellent at honest analysis; looks beyond the obvious and doesn’t stop at the first answers.
  • Critical Thinking & Continuous Development: Can effectively cope with change; can shift gears comfortably; ability to synthesize objectives across the organization and take appropriate action without having the total picture; isn’t upset when things are up in the air; can comfortably handle risk and uncertainty. Learns quickly when facing new problems; a relentless and versatile learner; open to change; analyzes both successes and failures for clues to improvement; experiments and will try anything to find solutions; enjoys the challenge of unfamiliar tasks; quickly grasps the essence and the underlying structure of anything. Deals with concepts and complexity comfortably; capable, and agile. Applies new learnings to enhance productivity and quality of the work without prompting. Seeks and applies efficiencies in day-to-day work, constantly improving and streamlining processes to achieve company objectives.
  • Communication & Relationship Building: Has the ability to perceive reactions via non-verbal signals of others, reason with others to promote thinking and cognitive activity, understand drivers of decisions by interpreting the cause of others’ reactions and what it may mean, and manage relationships by working collaboratively to reach the best outcome for the company. Is dedicated to meeting the expectations and requirements of internal and external customers; gets first-hand customer information and uses it for improvements in products and services; acts with customers in mind; establishes and maintains effective relationships with customers and gains their trust and respect. Actively and consistently seeks to work cooperatively with others, inside and outside the organization, to accomplish objectives to build and maintain mutually beneficial partnerships, leverage information, and achieve results. Serves as a collaboration catalyst that motivates others to want to collaborate as well.

Responsibilities
  • Define the software security strategy for Client Business Units.
  • Build and execute a repeatable and measured Software Security Program to achieve risk management outcomes.
  • Implement scalable enterprise software security services, including: secure architecture and software development training, secure architecture standards, secure code review standards, static code analysis processes, software composition analysis and 3rd party library management, dynamic analysis, web application firewall review and management, application and network penetration testing.
  • Conduct offensive security engagements with Client Business Units, such as infrastructure and application penetration tests and red team exercises.
  • Manage external security testing vendors, including SAST, DAST, and penetration testing.
  • Participate in M&A due diligence assessments and integrations.
  • Coordinate assessment and risk management needs with various stakeholders across the Client Business Units.
  • Contribute to risk management and governance functions (e.g. manage risk register, gather key metrics).
  • Participate in other activities as necessary: incident response consult, red/blue collaboration.

Required Skills and Experience
  • Experience performing penetration tests of web applications, APIs, and networks.
  • Knowledge and experience implementing scalable application security controls.
  • Track record of secure software control adoption across development teams.
  • OSCP or OSWE-equivalent certification preferred.
