Cyber Security Engineer
Charlotte, NC, United States
Title: Cyber Security Engineer – Sr. Cyber Security Detection and Response Analyst
Location: Charlotte, NC (1-day remote, 4-days onsite Hybrid model)
Note: This role is NOT open to C2C candidates
The Cyber Security Engineer – Sr. Cyber Security Detection and Response Analyst will be responsible for:
Performing penetration testing against products and systems, including web applications, web services, and mobile devices, and assisting with the coordination of vendor pen testing services with internal development teams
Collaborating with stakeholders to develop remediation strategies
Demonstrating practical/working exploitation of security flaws
Developing and enhancing processes to automate the delivery of application security metrics
Reviewing SAST/DAST output for false positives, and assisting development with remediation
Serving as an application security Subject Matter Expert
Participating in threat modeling exercises
Effectively communicating vulnerability details, risks, and potential impacts to application owners, developers, stakeholders, and partners
Acting as a mentor for junior team members/interns
Designing, implementing, and supporting security-focused tools and services
Developing tools that improve security testing, reporting, and monitoring
Required Position Qualifications:
5+ years of experience in manual penetration testing of web, mobile applications, and APIs
Strong understanding of the command line
Experience working with GitLab Ultimate CI/CD technology, shift-left tools, and/or application security workflows
Experience identifying, researching, and evaluating current vulnerabilities, providing remediation and configuration guidance, and collaborating with stakeholders to develop remediation strategies
An understanding of cloud technologies and environments (AWS, Azure, Google)
Knowledge of web application frameworks, deployment technologies, and security software
Scripting capabilities for creating custom scripts to identify/exploit vulnerabilities
Strong technical writing skills to produce detailed reports for consumption by stakeholders at all levels, from operations to executive
Ability to demonstrate a clear understanding at an enterprise level of application, network, infrastructure, and data security architecture
Excellent analytical skills, ability to manage multiple competing priorities under pressure and strict timelines, work well in a demanding dynamic environment, and meet overall objectives
Ability to interact with company personnel at all levels and across all business units to comprehend business imperatives; a strong customer/client focus, with the ability to manage expectations appropriately, provide a superior customer/client experience, and build long-term relationships
Competency to work independently at an advanced technical level
Ability to produce well-written, detailed reports that describe vulnerabilities/risks and provide specific remediation guidance
Preferred Position Qualifications:
Proven experience in manual secure code reviews
Scripting experience with Python, JavaScript, PowerShell, Shell Script, Ruby, PHP, and/or Lua
A passion for information security and service excellence
Ability to adapt to new situations and a desire to learn and stay current with AppSec trends, threats, and risks
A minimum of a Bachelor’s Degree in Information Technology or Computer Science, or equivalent experience; GPEN, OSCP, CISSP, GWAPT, CEH, or other similar certification(s)