What's The Role:

You’ll be trusted to conduct security assessments from start to finish with minimal assistance. Depending on the project you may perform white, black, or gray box assessments and may develop proof of concept code to demonstrate the severity of findings. You'll tap into your "security instincts" to find vulnerabilities and break down complicated technical issues and the risks they pose to programmers, network engineers, system administrators, and management. You will collaborate with those teams to ensure correct design, development, and implementation of internal and customer facing projects. While deep technical skills are critical to success with us, we're also looking for fast learners who are passionate about security and are constantly researching to stay ahead of the newest threats. You should be analytical and love to problem solve. Teamwork is key so it's important that you know how to collaborate and be a great teammate.

You'll Need To Have:

•  3+ years of experience working in a similar role
•  Experience leading and performing static and dynamic analysis on customer facing applications, websites, and large enterprise networks
•  A consistent record of discovering, analyzing, and exploiting application vulnerabilities and misconfigurations on Windows and Linux platforms
•  The ability to work with stakeholders throughout the vulnerability lifecycle to communicate issues and provide remediation guidance
•  Proficiency in reading, writing, and auditing C, C++ and Python, as well as the ability to pick up new languages/technologies
•  Proficiency in at least one scripting language such as Python
•  Experience developing custom tools when necessary
•  Knowledge of ubiquitous encryption technologies (PGP, SSH, SSL, etc.) and common authentication protocols (OpenID Connect, OAUTH, SAML, RADIUS, LDAP, KERBEROS, etc.)
•  Knowledge of secure network design and system architecture

We'd Love To See:

•  Proficiency in using IDA Pro, Ollydbg/Immdbg, Windbg, Burp proxy, and other software analysis/debugging tools
•  Prior work as a consultant at a highly technical information security consultancy
•  Publicly disclosed vulnerabilities (CVEs) and open-source tools