A financial services company in North Carolina is seeking a new Application Security Engineer to join their team in Charlotte.

***This is a hybrid opportunity requiring the qualified professional to work onsite at least 3 days a week.***
Responsibilities:
- Perform penetration testing against products and systems, including web applications, web services, and mobile devices
- Collaborate with stakeholders to develop remediation strategies
- Assist with delivery of secure development training
- Demonstrating practical/working exploitation of security flaws
- Develop and enhance process to automate the delivery of application security metrics
- Act as a mentor for junior team members/interns
- Design, implement, and support security-focused tools and services
- Develop low-level tools that improve security testing, reporting, and monitoring
Qualifications:
- 3-5 years of experience in manual penetration testing of web and mobile applications
- Competent to work independently at an advanced technical level
- Understanding of cloud technologies and environments (AWS, Azure, Google)
- Ability to demonstrate a clear understanding, at an enterprise level, of application, network, infrastructure, and data security architecture
- Knowledge of web application frameworks, deployment technologies and security software
- Scripting capabilities for creating custom scripts to identify/exploit vulnerabilities
- Strong writing skills to produce detailed reports for consumption by stakeholders at all levels from operations to executive
- Experience with secure code review
Desired Skills:
- GPEN, OSCP, CISSP, GWAPT, CEH, or similar certifications
- Proven work experience in manual secure code review
- Experience working with GitLab Ultimate CI/CD technology, shift-left tools, and application security workflows
- Desired scripting experience: One or more of Python, JavaScript, PowerShell, shell script, Ruby, PHP, LUA etc.
- Bachelor’s degree in Information Technology or Computer Science, or equivalent experience
- Inherent passion for information security and service excellence
