7 Senior Application Security and Penetration Testing Engineer Jobs in New York, NY
Sorry! This job is no longer available. Please explore similar jobs listed on the left.
Capital Group is Hiring a Senior Application Security and Penetration Testing Engineer Near New York, NY
As the Senior Application Security ("AppSec") and Penetration Testing Engineer you are an individual contributor in the Capital Group (CG) AppSec team. The CG AppSec team is part of Information Security in CG's Information Technology Group. In the role you will be performing web application and network penetration tests, code reviews, security design reviews, red/purple team assessments, and providing security signoffs for technology initiatives. You will be discovering security issues by threat modeling, code reviews (Java, TypeScript/JavaScript, Python), and dynamic application testing. As the Senior Application Security ("AppSec") and Penetration Testing Engineer you will also be responsible for performing red and purple team assessments for Capital Group's detective security controls. The team members are geographically dispersed with varying experience levels. As the senior member on the team, you will be creating proof-of-concept exploits for the security issues discovered. You will be responsible for coordinating and communicating with the key technology stakeholders for delivery of security assessments and explaining technology risks and mitigations. This role is hybrid (in-office 3 days/week) and can be in Los Angeles CA, Irvine CA, San Antonio TX, or New York NY depending on candidate current location and/or preference.
In addition, you will be responsible for:
- You will be performing AppSec reviews including threat modeling, code reviews, and penetration testing.
- You will leverage your experience with SAST, DAST, SCA tool findings and translating them to severity of risks to perform this in Capital Group's technology environment.
- You will write clear, succinct, and effective technical documentation summarizing your findings, risks, and recommendations.
- You will write automated proof-of-concepts, and automated security tests by authoring security testing tools.
- You will collaborate with technology stakeholders and advise on risks for technology solutions.
- You will perform red and purple team tests of detective tooling including EDR tools, security telemetry tools, anti-virus software, having knowledge of MITRE ATT&CK Framework (Cloud, macOS, Windows, Linux), AI-based software systems.
- You will communicate effectively and have an empathetic outlook towards development teams by authoring clear, actionable guidance on writing secure code.
- You will effectively present to development teams educating them on secure development.
- You will create and organize Capture-the-Flag competitions and participate in such competitions.
- You have a bachelor's degree in computer science, a related field, or equivalent experience.
- You have a minimum of 5 years of experience in application security, penetration testing.
- You have a strong understanding of network security, TCP/IP, DNS, TLS, HTTP, IPSec, 802.11, etc.
- You have experience with security protocols and/or technologies such as REST APIs, Burp Suite, ZAP, Linux, Windows, macOS, nmap, Metasploit, Powersploit, Lolbins, etc.
- You have the ability to automate tasks in Python, bash, Java, C/C#/C , Rust, etc.
- You have a strong understanding of attacks in AWS, Azure, GCP, OAuth, websockets, etc.
- You have excellent communication skills (written, oral), with the ability to simplify and document complex technical details to both technical and non-technical audiences.
- You can learn quickly and have a track record of developing a deep understanding of systems and risks to the business.
- You can work independently and take the initiative to drive security initiatives forward.
- You can juggle multiple tasks and coordinate/delegate to achieve speedy resolutions to application security-related security incidents working with Security operations.
Southern California Base Salary Range: $148,045-$236,872
San Antonio Base Salary Range: $121,706-$194,730
New York Base Salary Range: $156,935-$251,096
In addition to a highly competitive base salary, per plan guidelines, restrictions and vesting requirements, you also will be eligible for an individual annual performance bonus, plus Capital's annual profitability bonus plus a retirement plan where Capital contributes 15% of your eligible earnings.
You can learn more about our compensation and benefits here .
We are an equal opportunity employer, which means we comply with all federal, state and local laws that prohibit discrimination when making all decisions about employment. As equal opportunity employers, our policies prohibit unlawful discrimination on the basis of race, religion, color, national origin, ancestry, sex (including gender and gender identity), pregnancy, childbirth and related medical conditions, age, physical or mental disability, medical condition, genetic information, marital status, sexual orientation, citizenship status, AIDS/HIV status, political activities or affiliations, military or veteran status, status as a victim of domestic violence, assault or stalking or any other characteristic protected by federal, state or local law.
Job Summary
Full Time
$108k-130k (estimate)
02/10/2024
04/11/2024
capitalgroup.com
FORKED RIVER, NJ
7,500 - 15,000
1931
$3B - $5B
Related Companies
About Capital Group
Since 1931, Capital Group, home of American Funds, has been singularly focused on delivering superior results for long-term investors using high-conviction portfolios, rigorous research and individual accountability. Today, Capital Group manages more than $1.7 trillion in equity and fixed income assets for millions of individual and institutional investors. Capital Group is a private firm that employs more than 7,500 associates in offices around the world. For more than 80 years, our goal has remained the same: to improve peoples lives through successful investing. *Weve been made aware of an ...employment scam fraudulently using Capital Groups name.* -Capital Group does not schedule interviews or make job offers solely via Twitter, chat or text messages. -Capital Group requires a completed job application prior to consideration for an interview and job offer. If you are unsure whether youre communicating with Capital Group, please contact us at (800) 421-4225 or employmentfraud@capgroup.com to verify your job interview or offer. For important legal information please click the company details website link: https://www.capitalgroup.com/us/landing-pages/linkedin-terms-of-use.html
More
Show less
Similar Jobs
Popular Articles
