Sr. Security Engineer (PEN)

Location: Westminster, CO
Date Posted: 04-12-2019
The Information Security team employs progressive, dynamic, cutting-edge security assurance measures. This position is located onsite at our Colorado office, and will be working alongside the Security Assurance and Cyber Security staff to enable and ensure the alignment of the application security program to the security requirements of our customers and perform additional security assurance functions.
  • Application, API, and Mobile security testing
  • Identifying and performing risk-based prioritization of vulnerabilities based on industry standards
  • Participating in ethical hacking and penetration testing as part of the Red Team
  • Continued support for migrating into "DevSecOps" model
  • You will provide technical expertise to, and potentially running security projects
  • 3+ years of experience working within application security discipline
  • 3+ Years leading security initiatives or efforts for a mid to large enterprise
  • Work history includes 3-5 years of performing application security assessments and providing SME level support for remediation of findings
  • Working Knowledge of OWASP methodologies for testing, assessing risk, and improving application security programs
  • Can determine, defend, and demonstrate the exploitability of a vulnerability and determine residual risk after considering mitigating controls
  • Strong experience with testing APIs and native and web based mobile applications for security defects
  • Experience developing and continuously improving metrics and communicating the appropriate messaging on the health and progress of the application testing program
  • Advanced understanding of common IT security controls and frameworks
  • Familiarity with methods and coding to fix application security issues including experience suggesting code changes to fix security defects
  • Hands-on experience with application security enterprise grade testing tools and open source testing tools
  • Familiarity or experience with Penetration testing methodologies and/or Red teaming
  • Knowledge of concepts for securing networks and systems
  • BA/BS Degree in Information security or equivalent, have some supporting work experience, or alternatively reputable security certifications and equivalent work experience.  
  • Understanding of the Agile development framework(SAFE Agile preferred)
  • Tried team player, works well with others but can easily transition to working alone when required
  • Independent, ambitious, driven and eager to grow and learn
  • Expert communicator, able to articulate “technical issues in developer or business terms; able to convey “technical” security issues to leadership
  • Ability to independently solve problems from definition to closure
  • Proven ability to multitask in a fast, dynamic environment built on multi-vendor
this job portal is powered by CATS