Continuous Opening: Senior Application Security Pentester REMOTE

Independent Security Evaluators (ISE) is seeking a talented Mid to Senior level Application Security Pentester to join our team.  Do you enjoy working with wicked smart people, like to hack into things, solve puzzles, and work on cool projects? ISE is the place for you!

What you’ll do at ISE:

• Interface directly as a project lead, senior analyst, or in a scoping capacity
• Mentor junior analysts throughout client assessments, research projects, findings reviews, and general professional and technical development
• Perform hands-on security assessments and reviews on various pieces of technology including but not limited to:
  • Web apps and APIs
  • Mobile apps
  • Networks
  • Cloud architecture and configuration
  • Source code analysis
  • Hardware and firmware
• Create comprehensive assessment reports that clearly identify vulnerabilities, how they impact our client’s digital assets, and remediation strategies
• Provide consultative advice to ISE’s clients regarding best practices, design guidance, new threats, policies and processes, etc. Basically: be their genius friend who helps solve problems.
• Perform research and develop whitepapers/presentations/etc. regarding relevant research, security topics, tools and techniques driven by your areas of interest and expertise
• Opportunity to participate in IoT Village

What you won't do at ISE:

• Use scanners - we might use a scanning tool on occasion but our assessments are designed to find what scanners miss
• Write policy or compliance rules or assess tools for regulatory purposes
• Only hack with your head down - we are looking for folks who will talk with our clients, mentor others, and collaborate on projects, talks, and research

What you bring to the table:

• 4-6+ years in security consulting with a focus on application/software
• Experience with programming and developing exploits
• Familiarity with Unix command line tools and working in CLI environments
• Skillset in the following:
  • Web and desktop application security (Advanced)
  • Cloud security and architecture (Advanced)
  • Mobile application security (Basic)
• Background in the following: 
  • Software vulnerability analysis, code analysis, and fuzzing
  • Reverse engineering through static and dynamic analysis
  • Analyzing cryptographic workflows
  • Analyzing network traffic
  • Experience interacting with clients in a consultative environment
• Strong technical writing and oral communication skills
• Public speaking experience
• Desire to make things better: help our clients secure their products, help your colleagues grow and learn, self-motivated and always seeking improvement

Nice to have (but we can teach you!):

• Skillset in the following:
  • IoT hardware security
  • Network security
  • Red Teamimg
  • AI security
• Experience with digital rights management and digital watermarking
• Experience with secure software development
• Familiarity with industry standard security policies (SOC2, OWASP ASVA, GDPR, ISO 27001, PCI, NIST CSF, etc) and their practical applications
• Experience assessing generative AI technologies and applications

Salary:

Mid Level: $85K-$125K, according to experience

Senior Level: $115K-$165K, according to experience

If you don't think you meet all of the criteria above but are still interested in the job, please apply. Nobody checks every box, and we're looking for someone excited to join the team.

What we bring to the table:  

• Check out joinise.io for full details
• Work that matters; projects that impact people’s everyday life and wellbeing
• Quality, integrity, dedication, and education: our core values
• Life balance: flexible schedule, work from home options, unlimited vacation
• $0 health premium plan option, including spouse and family
• Opportunities to research and publish, speak at major security events and conferences  
• Leadership and peers that support and mentor you: your growth is our growth, your success is our success  
• Relaxed and fun environment: ditch the suit and tie, sit or stand at your desk or find a sofa  
     

How you’ll learn at ISE:  

Everyone has a mentor, or two or three sometimes. We hold you and ourselves accountable for your advancement. You’ll learn directly from your mentor, your colleagues, resources vetted by the team, and at regular firetalk lunches by your peers – oh, and lunch is on us once a week in the office. You also have access to paid training, workshops, university courses, certification courses, and we’ll pay for the certs too. Want to learn a new skill that you aren’t currently using but want to? Great! Innovation is key–new technology is important.  

About ISE:  

ISE is an independent security consulting and software firm headquartered in Baltimore, Maryland, dedicated to securing high value assets for global enterprises and performing groundbreaking security research. Using an adversary-centric perspective driven by our elite team of analysts and developers, we improve our clients’ overall security posture, protect digital assets, harden existing technologies, secure infrastructures, and work with development teams to ensure product security prior to deployment. Our team enjoys working in a creative, educational, and comfortable environment where they can thrive professionally.  

Building a Better Community:

We value different viewpoints and fresh perspectives. We embrace people who challenge our thinking and question the status quo. We are opposed to narrow minded, exclusionary, and discriminatory viewpoints or practices that inherently undermine our creative process, hinder growth, and impede innovation.

Need more info?  

Be sure you spend some time at www.ise.io. Make sure you look through all the perks on the Careers page, then check out our Research and Blog, our events page for the IoT Village, and About page. Follow us on Twitter @ISEsecurity and @IoTvillage