Cybersecurity Test Engineer – Remote
Decision Point Security Inc. is currently seeking a dedicated and skilled Cybersecurity Test Engineer to join our growing team.
As a cybersecurity test engineer, you will be responsible for validating the security posture of customer applications and platforms through vulnerability research / analysis and penetration testing. Your ability to think creatively about potential threats and to develop and execute test cases using the latest cyber threat Tactics, Techniques, and Procedures (TTPs) to assess exposure will ensure that our clients achieve and maintain cyber resilience.
Responsibilities:
- Plan and execute red / purple team activities, including simulated attacks, application penetration testing, and risk assessments.
- Lead and participate in threat model development
- Evaluate and analyze identified vulnerabilities to assess risk levels and provide clients with informed recommendations on technical security measures and compliance activities.
- Develop and automate testing tools.
- Identify and provide improvements on existing services, including continuous improvement of methodologies, tools and reports.
- Ensure quality control measures are adhered to for test execution and the production of delivery artifacts.
- Write clear and concise reports detailing findings and recommendations for remediation of identified vulnerabilities.
- Review applications and systems for compliance with applicable security standards and best practices.
- Conduct / contribute to comprehensive risk assessments and vulnerability analyses to identify potential security threats and mitigate risks.
The listed responsibilities are not exhaustive and additional responsibilities may be assigned based on the evolving needs of the organization. We are seeking a dynamic individual who is able to adapt and take on new responsibilities as they arise.
Preferred Experience and Qualifications:
- Hold a Bachelor’s degree from an accredited college in a relevant discipline, or equivalent experience.
- Experience in a consulting/professional services role
- Strong understanding of cybersecurity principles, technologies, and best practices, including encryption, authentication, access control, and secure coding practices.
- Experience in Application Security and/or Software Development
- Familiarity with software development methodologies and practices, particularly Agile and DevSecOps.
- Experience with DevOps and/or Security Maturity Modelling (e.g. OWASP SAMM)
- Cloud Service penetration testing tradecraft and methodologies across one or more service providers (e.g. AWS, GCP, etc.).
- Network/host-based penetration testing tradecraft and methodologies.
- Proficiency in web application penetration testing.
- Skilled at translating technical implementation (infrastructure as code and configuration as code)
- Experience conducting / contributing to comprehensive risk assessments and vulnerability analyses
- Experience testing against one or more IT security compliance frameworks, such as PCI, FISMA, HIPAA, FedRAMP, or HITRUST
- Assessment of security controls across modern enterprise services architecture
- Ability to work independently and as part of a team
- Strong technical writing skills.
- Relevant technical certifications such as Offensive Security Web Expert (OSWE) or Offensive Security Certified Professional (OSCP).
Required:
- US Citizenship
- Ability to hold clearance
Additional Information:
- Work will be conducted remotely.
- A variety of alternate work schedules are supported
Desired Expertise: