Title: Cyber Security Engineer - Sr. Cyber Security Detection and Response Analyst
Location: Charlotte, NC (1-day remote, 4-days onsite Hybrid model)
Note: This role is NOT open to C2C candidates
The Cyber Security Engineer - Sr. Cyber Security Detection and Response Analyst will be responsible for:
- Performing penetration testing against products and systems, including web applications, web services, and mobile devices, and assisting with the coordination of vendor pen testing services with internal development teams
- Collaborating with stakeholders to develop remediation strategies.
- Demonstrating practical/working exploitation of security flaws
- Developing and enhancing processes to automate the delivery of application security metrics
- Reviewing SAST/DAST output for false positives, and assisting development with remediation
- Serving as an application security Subject Matter Expert
- Participating in threat modeling exercises
- Effectively communicating vulnerability details, risks, and potential impacts to application owners, developers, stakeholders, and partners
- Acting as a mentor for junior team members/interns
- Designing, implementing, and supporting security-focused tools and services
- Developing tools that improve security testing, reporting, and monitoring
Required Position Qualifications:
- 5+ years of experience in manual penetration testing of web, mobile applications, and APIs
- Strong understanding of command lines
- Experience working with GitLab Ultimate CI/CD technology, shift-left tools, and/or application security workflows
- Experience identifying, researching, and evaluating current vulnerabilities, providing remediation and configuration guidance, and collaborating with stakeholders to develop remediation strategies
- An understanding of cloud technologies and environments (AWS, Azure, Google)
- Knowledge of web application frameworks, deployment technologies, and security software
- Scripting capabilities for creating custom scripts to identify/exploit vulnerabilities
- Strong technical writing skills to produce detailed reports for consumption by stakeholders at all levels, from operations to executive
- Ability to demonstrate a clear understanding at an enterprise level of application, network, infrastructure, and data security architecture
- Excellent analytical skills, ability to manage multiple competing priorities under pressure and strict timelines, work well in a demanding dynamic environment, and meet overall objectives
- Ability to interact with company personnel at all levels and across all business units to comprehend business imperatives; a strong customer/client focus, with the ability to manage expectations appropriately, provide a superior customer/client experience, and build long-term relationships
- Competency to work independently at an advanced technical level
- Ability to produce well-written, detailed reports that describe vulnerabilities/risks and provide specific remediation guidance
Preferred Position Qualifications:
- Proven experience in manual secure code reviews
- Scripting experience with Python, JavaScript, PowerShell, Shell Script, Ruby, PHP, and/or LUA
- A passion for information security and service excellence
- Ability to adapt to new situations and a desire to learn and stay current with AppSec trends, threats, and risks
- A minimum of a Bachelor's Degree in Information Technology or Computer Science, or equivalent experience; GPEN, OSCP, CISSP, GWAPT, CEH, or other similar certification(s)
Note: This role is NOT open to C2C candidates