Job description
This senior role blends proactive design with hands-on security validation in web application development. You will focus on long-term security improvements by identifying and mitigating risks before they materialize.

● Architect & Threat Model: Lead security design reviews and conduct in-depth threat modeling for new products and critical infrastructure.
● Research & Build: Investigate emerging threats and novel attack vectors, then use your findings to design and build defense strategies to mitigate them.
● Assess & Penetrate: Perform hands-on penetration testing and security assessments against our most complex systems to discover and validate vulnerabilities.

Requirements:

● 7+ years of hands-on experience, with a portfolio of long-term security engagements (e.g., multi-month projects).
● Significant, proven experience in advanced web application penetration testing, demonstrating an ability to find complex, business-logic-driven vulnerabilities (e.g., multi-stage auth bypasses, complex injection flaws), not just common automated findings.
● Strong programming and scripting skills (Python preferred) with experience building security tools, automation, or prototypes.
● Deep technical knowledge in application security and secure architecture. Additional expertise in domains like network security, cryptography, or cloud is a plus.
● Full professional proficiency in English (written and verbal), required for documenting complex findings and debating architectural designs.

Nice to have:

● Experience securing modern technologies like serverless architectures or AI/ML platforms.
● Experience with secure architectures for cloud-native environments (AWS, GCP, Kubernetes).
● Relevant industry certifications (e.g., OSCP, OSCE, CISSP).