Application Security Engineer

We dream. We grow. We innovate. We move fast!


  • Two years in an Information Security role, preferably in red teaming, penetration testing, reverse engineering or vulnerability management
  • Experience with interpreted or compiled languages: Python, Go, JavaScript
  • Knowledge of the OWASP Top 10 for Mobile, API and Web
  • Knowledge of DevSecOps
  • Experience with cloud service providers and their offerings, preferably AWS and GCP, and their various technologies and APIs
  • Experience with various testing tools, such as Kali, Metasploit, Nmap, Nessus, Burp Suite, etc.
  • Experience with SAST and DAST
  • Experience providing training
  • Demonstrable teamwork skills and resourcefulness
  • Ability to make concrete progress in the face of ambiguity and imperfect knowledge
  • Familiarity with offensive TTPs (Tactics, Techniques and Procedures), including post-exploitation and lateral movement
  • OSCP certification will be a plus
  • Experience in CTF competitions, CVE research and/or Bug Bounty recognition will be a plus
  • Prefer an IS person in DISC

Job Description

  • Conduct full cycle engagements with business units independently, or as part of a team.
  • Perform various vulnerability assessments and manual penetration testing of applications, mobile apps, web sites, and networks to discover and document vulnerabilities on a regular basis
  • Thoroughly document vulnerabilities and other findings.
  • Use communication skills to influence Developers and Product Managers to prioritize and execute remediation plans.
  • Perform static code analysis to discover and document vulnerabilities on a regular basis
  • Verify that IT teams have coded according to best practices, verify that comprehensive code review was done properly, test for vulnerabilities, and provide solid guidance to the teams.