Senior security engineer - application security
Posted: Jan. 11, 2024, 11:29 a.m. - Full Time - Hyderabad
Key Responsibilities / Duties:
Maintaining security operational processes supporting the Secure SDLC
Running application penetration tests based on clear objectives and test plans
Soliciting input from stakeholders on testing scope
Build threat models for various types of systems, and changes to systems
Perform architectural reviews of applications for evaluating their security posture
Provide project teams with security requirements based on company security policies and industry best practice
Provide consulting services to stakeholders on remediation and mitigation strategies
Perform manual validation on issues found from penetration testing or automated testing tools
Writing reports based on testing output
Research industry trends and news sources for emerging threat patterns, attack techniques, and vulnerabilities
Validate recommendations, mitigations, and workarounds for issues found
Perform after hours testing in accordance with business requirements
Write and customize testing tools and scripts to automate testing functions
Build positive relationships with peers and operations teams whose controls are under evaluation
Other duties as assigned
Work Experience / Knowledge:
Minimum 5 years of relevant experience in information security
Minimum 3 years in application security and penetration testing
OSCP, CEH, Pentest+, or CISSP in good standing
Prior knowledge of application and network penetration testing tools, scripting languages, software vulnerabilities, exploits and malware
Prior experience of vulnerability management and mitigation design
Possess a solid understanding of enterprise-grade technologies including operating systems, databases, web applications, DevSecOps concepts, agile methodologies, modern SDLCs, & applicable monitoring tools
Network infrastructure knowledge
Proficient operational understanding of how to ascertain, validate, and employ data from sources that are generally available to the public
Fluent in the techniques that hackers utilize to attack an organization and understand how to pull information from large data sets and how to structure information for reuse
Skills / Other Personal Attributes Required:
Experience of working in a high volume and result-oriented operational environment
Ability to communicate assertively – verbally as well as in writing – technical information clearly and concisely, commensurate with the audience
Maintain strict confidentiality of all security issues
Must be assertive, methodical and detail oriented
Must be intensely curious, innovative, and think beyond existing procedures.
Must be able to build rapport quickly and positively influence outcomes.
Must mentor, cross-train, and oversee more junior resources on the team.
Must be a team player and self-starter
Ability to multi-task and work on more than one initiative at a time
Flexible – able to meet changing requirements and priorities
Maintain current knowledge for all applicable technical areas
Formal Education:
BS or equivalent in information security, computer engineering, or computer science