The primary focus of this position is application security, pen testing, threat modeling and mitigation. TCP is seeking an Ethical Hacker experienced in application security testing and in helping companies improve their security posture across a portfolio of SaaS-based web applications. The Cybersecurity Engineer App Sec role provides an opportunity to work in a fast-paced, collaborative environment protecting TCP Software cloud infrastructure from cyber threats. TCP Software treats security as the number one priority due to its significant effect on consumer privacy, customer confidence, and external reputation. This position plays a critical role in delivering that vision through continuous threat analysis, the implementation of DevSecOps processes, and ensuring regulatory compliance. Cybersecurity Engineers must be agile, willing to learn, and able to think outside of the box in order to operate effectively in an ever-changing threat landscape.
Basic Function of Position:
- Drives the TCP Application Security and Vulnerability Management program, including intelligence context and analysis support, provides industry expertise, and recommends relevant, concrete remediation and countermeasures.
- Works closely with various teams and departments, conducting and overseeing penetration testing as it relates to applications, summarizing the results, and providing actionable items and supporting information. Triages issues and prioritizes them according to threat levels.
- Provides leadership in assessing new threat vectors, evaluating the effectiveness of current controls, and utilizing intelligence analysis to create proactive mitigation around threats and vulnerabilities.
- Works closely and collaboratively with development/QA departments and leadership to ensure adherence to secure software development standards and technical integration with cloud infrastructure as necessary.
Required/Desired Knowledge, Skills, and Abilities
- Bachelor’s degree in computer science, MIS, or Information Security or equivalent work experience
- At least 5 years of relevant work experience
- Strong professional experience deploying and running various penetration testing tools, including Metasploit, Burp Suite, Nessus, Nmap, Kali Linux, Wireshark, and Hydra, to mention a few, as well as SAST, DAST, and SCA scan tooling and reporting
- Experience with cyber threat intelligence, security research, security operations, and/or incident response
- Security certifications (CEH, GIAC, CISSP, CCSP) and software application development experience are a big plus
- Knowledge of privacy regulations and security frameworks (SOC, CCPA, GDPR)
- Solid understanding of the OSI network model as well as the TCP/IP protocol stack
- Working knowledge of industry standards such as NIST and CIS
- Strong understanding of the OWASP and SANS models related to application threats and vulnerabilities
- Great oral and written communication skills, ensuring the point gets across clearly
- A forensic approach to incidents and investigations including relevant tools and procedures
- Ability to work in a highly collaborative environment
- Self-starter and driven to get the job done
- Demonstrated effective organizational and technical skills
- Critical thinking skills, problem-solving aptitude
- Desire to self-educate on the ever-changing landscape of cyber hacking tactics
- 20 Days of PTO (Paid Time Off) and 13 days of companywide holidays
- 8 hours to volunteer and impact the community
- Comprehensive benefits (Health/Dental/Vision/401K)
- The work/life set up you need to be successful.