Senior Application Security Pentester

Independent Security Evaluators (ISE) is seeking a talented Senior Application Security Pentester to join our team.  Do you enjoy working with wicked smart people, like to hack into things, solve puzzles, and work on cool projects? ISE is the place for you!

What you’ll do at ISE:

• Interface directly as a project lead, senior analyst, or in a scoping capacity
• Mentor junior analysts throughout client assessments, research projects, findings reviews, and general professional and technical development
• Perform hands-on security assessments and reviews on various pieces of technology including but not limited to:
  • Web apps and APIs
  • Mobile apps
  • Networks
  • Cloud architecture and configuration
  • Source code analysis
  • Hardware and firmware
• Create comprehensive assessment reports that clearly identify vulnerabilities, how they impact our client’s digital assets, and remediation strategies
• Provide consultative advice to ISE’s clients regarding best practices, design guidance, new threats, policies and processes, etc. Basically: be their genius friend who helps solve problems.
• Perform research and develop whitepapers/presentations/etc. regarding relevant research, security topics, tools and techniques driven by your areas of interest and expertise
• Opportunity to participate in IoT Village

What you won't do at ISE:

• Use scanners - we might use a scanning tool on occasion but our assessments are designed to find what scanners miss
• Write policy or compliance rules or assess tools for regulatory purposes
• Only hack with your head down - we are looking for folks who will talk with our clients, mentor others, and collaborate on projects, talks, and research

What you bring to the table:

• 4+ years in security consulting with a focus on application/software
• Experience with programming and developing exploits
• Familiarity with Unix command line tools and working in CLI environments
• Background in the following:
  • Web, desktop, and mobile application security
  • Cloud and system architecture design
  • Software vulnerability analysis, code analysis, and fuzzing
  • Reverse engineering through static and dynamic analysis
  • Analyzing cryptographic workflows
  • Analyzing network traffic
  • Experience interacting with clients in a consultative environment
• Strong technical writing and oral communication skills
• Public speaking experience
• Desire to make things better: help our clients secure their products, help your colleagues grow and learn, self-motivated and always seeking improvement

Nice to have (but we can teach you!):

• Experience with digital rights management and digital watermarking
• Experience with secure software development
• Familiarity with industry standard security policies (SOC2, OWASP ASVA, GDPR, ISO 27001, PCI, NIST CSF, etc) and their practical applications

Salary:

$115K-$165K, according to experience

If you don't think you meet all of the criteria above but are still interested in the job, please apply. Nobody checks every box, and we're looking for someone excited to join the team.

What we bring to the table:

• Check out www.ise.io/careers for full details
• Work that matters; clients and projects that impact people’s everyday life and wellbeing
• Quality, integrity, dedication, and education: our core values
• Life balance: flexible schedule, work from home, unlimited vacation
• $0 health premium plan option, including spouse and family
• Opportunities to research and publish, speak at major security events and conferences
• Leadership and peers that support and mentor you: your growth is our growth, your success is our success
• Relaxed and fun environment: ditch the suit and tie, sit or stand at your desk or find a sofa

How you’ll learn at ISE:

Everyone has a mentor, or two or three sometimes. We hold you and ourselves accountable for your advancement. You’ll learn directly from your mentor, your colleagues, resources vetted by the team, and at regular firetalk lunches by your peers – oh, and lunch is on us three days a week. You also have access to paid training, workshops, university courses, certification courses, and we’ll pay for the certs too. Want to learn a new skill that you aren’t currently using but want to? Great! Innovation is key–new technology is important.

About ISE:

Independent Security Evaluators (ISE) is an independent security consulting firm headquartered in Baltimore, Maryland with offices in San Diego, dedicated to securing high value assets for global enterprises and performing groundbreaking security research. Using an adversary-centric perspective driven by our elite team of analysts and developers, we improve our clients’ overall security posture, protect digital assets, harden existing technologies, secure infrastructures, and work with development teams to ensure product security prior to deployment. Our team enjoys working in a creative, educational, and comfortable environment where they can thrive professionally.

Building a Better Community:

We value different viewpoints and fresh perspectives. We embrace people who challenge our thinking and question the status quo. We are opposed to narrow minded, exclusionary, and discriminatory viewpoints or practices that inherently undermine our creative process, hinder growth, and impede innovation.

Need more info?

Be sure you spend some time at www.ise.io. Make sure you look through all the perks on the Careers page, then check out our Research and Blog, our events page for the IoT Village, and About page. Follow us on Twitter @ISEsecurity and @IoTvillage

Tags