Title: Cyber Security Engineer – Sr. Cyber Security Detection and Response Analyst

Location: Charlotte, NC (1-day remote, 4-days onsite Hybrid model)

Note: This role is NOT open to C2C candidates

The Cyber Security Engineer – Sr. Cyber Security Detection and Response Analyst will be responsible for:

• Performing penetration testing against products and systems, including web applications, web services, and mobile devices, and assisting with the coordination of vendor pen testing services with internal development teams
• Collaborating with stakeholders to develop remediation strategies.
• Demonstrating practical/working exploitation of security flaws
• Developing and enhancing processes to automate the delivery of application security metrics
• Reviewing SAST/DAST output for false positives, and assisting development with remediation
• Serving as an application security Subject Matter Expert
• Participating in threat modeling exercises
• Effectively communicating vulnerability details, risks, and potential impacts to application owners, developers, stakeholders, and partners
• Acting as a mentor for junior team members/interns
• Designing, implementing, and supporting security-focused tools and services
• Developing tools that improve security testing, reporting, and monitoring

Required Position Qualifications:

• 5+ years of experience in manual penetration testing of web, mobile applications, and APIs
• Strong understanding of command lines
• Experience working with GitLab Ultimate CI/CD technology, shift-left tools, and/or application security workflows
• Experience identifying, researching, and evaluating current vulnerabilities, providing remediation and configuration guidance, and collaborating with stakeholders to develop remediation strategies
• An understanding of cloud technologies and environments (AWS, Azure, Google)
• Knowledge of web application frameworks, deployment technologies, and security software
• Scripting capabilities for creating custom scripts to identify/exploit vulnerabilities
• Strong technical writing skills to produce detailed reports for consumption by stakeholders at all levels, from operations to executive
• Ability to demonstrate a clear understanding at an enterprise level of application, network, infrastructure, and data security architecture
• Excellent analytical skills, ability to manage multiple competing priorities under pressure and strict timelines, work well in a demanding dynamic environment, and meet overall objectives
• Ability to interact with company personnel at all levels and across all business units to comprehend business imperatives; a strong customer/client focus, with the ability to manage expectations appropriately, provide a superior customer/client experience, and build long-term relationships
• Competency to work independently at an advanced technical level
• Ability to produce well-written, detailed reports that describe vulnerabilities/risks and provide specific remediation guidance

Preferred Position Qualifications:

• Proven experience in manual secure code reviews
• Scripting experience with Python, JavaScript, PowerShell, Shell Script, Ruby, PHP, and/or LUA
• A passion for information security and service excellence
• Ability to adapt to new situations and a desire to learn and stay current with AppSec trends, threats, and risks
• A minimum of a Bachelor’s Degree in Information Technology or Computer Science, or equivalent experience; GPEN, OSCP, CISSP, GWAPT, CEH, or other similar certification(s)

Note: This role is NOT open to C2C candidates

#ALINE11