This is an opportunity to work with a giant in the Mobile Application space where you'll play a pivotal role in securing applications and guiding security testing efforts. This position is ideal for someone passionate about cybersecurity, with a deep knowledge of application security and the ability to uncover and mitigate vulnerabilities.
As a leader, you will oversee security assessments for a cloud-native, microservices-based architecture, with a focus on web and mobile applications, cloud security testing, and adversary emulation. You'll lead efforts to continually improve our security posture while mentoring junior team members and shaping security strategies and best practices.
Responsibilities:
- Lead and mentor a team of penetration testers, offering guidance and expertise to ensure top-quality security assessments.
- Oversee and conduct thorough security testing for development operations and mobile applications (iOS & Android), identifying vulnerabilities and ensuring remediation.
- Perform and supervise detailed source code reviews to detect security flaws or weaknesses.
- Lead the execution of security assessments, compile findings, and provide actionable recommendations to stakeholders.
- Develop and implement comprehensive security testing strategies to enhance the organization's overall security posture.
- Collaborate with global development teams to ensure the ongoing security of globally adopted applications.
- Utilize tools such as SAST, DAST, and SCA to perform static and dynamic code analysis and threat modeling.
Requirements:
- Bachelor's degree in Computer Science, Software Engineering, or equivalent experience.
- Relevant certifications such as GWAPT, OSCP, CEH, or similar.
- 5-7 years of experience in application security testing and source code review, including 2+ years in a leadership role.
- Proficiency in multiple programming languages and a strong understanding of secure coding practices.
- Excellent analytical skills and attention to detail to identify and mitigate vulnerabilities.
- Experience in conducting security testing for developer workflows and mobile applications (iOS and Android).
- Familiarity with project execution, including testing, assessments, and report generation.
Tools & Technologies:
Experience with tools such as Burp Suite Pro, Checkmarx, Corellium, Synopsys, Acunetix, Veracode, SAST/DAST tools, PlexTrac, AWS/Azure/Oracle Cloud, Postman, SmartBear ReadyAPI, SoapUI, and HashiCorp Vault.
Benefits:
Joining OnDefend means becoming part of a mission-driven community focused on making a difference.
Health & Wellness:
- Comprehensive health insurance covering medical, dental, and vision.
Financial Security:
- 401(k) matching to help secure your financial future.
Work-Life Balance:
- Generous Paid Time Off (PTO), including vacation, sick leave, and holidays to recharge.
Professional Development:
- Access to training programs, workshops, and certifications to support your growth.
- Tuition reimbursement for further education related to the role.
- Clear career growth opportunities with defined paths for promotion.
Company Culture:
- A diverse and inclusive environment where every employee is valued.
- Regular team-building activities and social events to foster a collaborative atmosphere.