Job Description

Position Title : Offensive Security Specialist

Location : Hybrid (3 days onsite)

Experience Required : 6+ years in application security testing

Compensation : $65 per hour

Position Overview :
The Application Offensive Security Consultant will be a key member of the Application Security team, dedicated to supporting the Technology Risk initiative for offensive security assessments. The primary focus of this role is performing application security testing, including red teaming and manual threat hunting, and providing expert security guidance on key projects. This role offers a hybrid work structure, requiring onsite work 3 days per week.

Key Responsibilities :

• Conduct red teaming activities against applications and APIs, identifying and mitigating potential risks.
• Perform thorough manual (non-automated) security testing on applications.
• Conduct application threat hunting, assessing risk levels and vulnerability exposure.
• Produce detailed reports on assessment findings, summarizing technical issues and recommended remediation strategies.
• Act as a Subject Matter Expert (SME) in application defense, assisting with security engineering inquiries and enhancements.
• Collaborate with Security Architects, Product Managers, and Risk Managers to ensure security best practices in application design and implementation.

Qualifications :

• Bachelor's degree in a related field or equivalent experience.
• Minimum of 6 years in application security testing, with a consistent background in manual testing and threat hunting.
• At least 4 years of experience in conducting red teaming engagements.
• Proficiency with application security testing tools, specifically Burp Suite Professional and OWASP ZAP.
• In-depth knowledge of OWASP Top 10, SANS Top 25 vulnerabilities, and effective mitigation strategies.
• Familiarity with the MITRE ATT&CK Framework and adversarial tactics.
• Ability to assess and test countermeasures for misconfigurations and bypass controls.
• Offensive Security Certified Professional (OSCP) or GIAC Web Application Penetration Tester (GWAPT) certification preferred but not required.
• Experience Level : Associate
• Education Level : Bachelor's degree or equivalent experience

Personal Attributes :

• Strong analytical skills with a proactive approach to identifying and mitigating risks.
• Effective communicator, able to explain vulnerabilities and security concepts to both technical and non-technical audiences.
• Detail-oriented, adaptable, and thrives in high-pressure, fast-paced environments.
• Passionate about security, with a curiosity for hands-on problem-solving and technical challenges.

Why Join Us?
This position offers the chance to work with a dedicated Application Security team within a leading financial services firm, contributing to the company's proactive security posture. You'll gain hands-on experience with advanced security assessment techniques and work with cross-functional teams to build secure, high-quality applications. This role comes with the opportunity for skill development and career growth within an innovative and supportive environment.

Job Tags

Similar Jobs