- Familiarity with common web application testing tools such as Burp Suite, Fortify, etc.
- Knowledge of common security flaws and resolution as published by OWASP, SANS, etc.
- Ability to learn new technologies quickly and provide appropriate security advice
- Good understanding of web application architecture and design principles
- Strong written and verbal communication skills and communicate with empathy when delivering constructive feedback regarding security matters to engineers and product designers
- Should have knowledge or keen to learn how to test code and applications across various platforms for security
- Current or former security training or certifications such as SANS GWAPT, GPEN, CEH or similar is a plus
- Background in software engineering and common development practices in a collaborative and dynamic environment
- Experience with AWS services
- Performing technical security assessments on our web applications and mobile applications
- Tracking and responding to issues detected during internal reviews or reported via our Vulnerability Assessment and Penetration Testing
- Maintaining and creating secure development practices and programs for our engineering teams
- Seeking out opportunities to automate processes when appropriate
- Communicating risks effectively to engineering staff through training and technical demonstration of vulnerabilities
- Identifying risk in code, applications, processes, and architecture