Security Validation Engineer (Blue Team)
Location: USA - Remote
Compensation: $150,000 - $175,000
Glocomms are partnered with a Financial Services firm in the search for a Security Validation Engineer to conduct penetration testing and support the Blue Team's daily activities.
The position will focus on improving the overall security posture of the organization to protect assets and staff against threats and vulnerabilities by conducting thorough penetration tests on web applications, mobile applications, cloud (AWS and Azure), and operating systems.
The ideal candidate should have strong experience working with Web, Network, and Mobile applications, an understanding of Cloud Security Architecture and DevOps, and strong knowledge of threat actor TTPs.
Key responsibilities:
- Conduct penetration tests against the organization's IT infrastructure, systems, web applications, mobile applications, and network applications.
- Conduct thorough reviews on the current applications, cloud and network environment for areas of improvement.
- Ensure appropriate controls are in place to support the Blue Team's testing program.
- Create artifacts, present findings/reports to senior management, and debrief on issues found.
- Collaborate with management to improve policies and procedures aligned with regulatory requirements and industry best practices to support the Blue Team's activities and security testing.
- Collaborate with the wider security team and senior leadership on the development of a strategic security roadmap, and onboard new leading-edge technologies, tools, and vendors.
Experience required:
- 5+ years of experience in Cyber/Information Security with 3+ years of Penetration Testing experience.
- Extensive experience and understanding of Cloud Security, Architecture, Web Application, Network Application, and Mobile Application Penetration Testing, and DevOps.
- Deep knowledge of security controls, policies, and procedures aligned to industry standards and regulations.
- Experience with AWS automation services such as JSON and Lambda.
- Experience with GitHub Repos and DevOps Pipelines.
- Strong experience with scripting for process automation in Python, Bash, PowerShell, etc.
- Hands-on experience with pen-testing tools such as Metasploit, Kali, Armitage, Cobalt Strike, Wireshark, Nmap, Nessus, Qualys, BloodHound, etc.
- Strong tactical planning and execution skills.
- Excellent verbal and written communication skills.