United States onlyJoin Our Mission: To Save the World from Unsafe Mobile Apps!NowSecure is the mobile app security software company trusted by the world’s most demanding organizations and most advanced security teams. As the standards-based mobile app risk management company, NowSecure protects the Mobile App Economy. The world’s most demanding organizations, innovative mobile developers and advanced security, privacy, safety and compliance teams entrust NowSecure to safeguard millions of mobile app users across banking, insurance, high tech, IoT, retail, hospitality, energy and government sectors. Only NowSecure delivers continuous security and compliance with the depth, speed, accuracy, and efficiency to meet modern business demands. Dedicated to the open-source community and standards including OWASP,and NIAP, NowSecure is SOC 2 certified and recognized by IDC, Deloitte, Gartner and TAG Cyber.www.nowsecure.com
YOUR OPPORTUNITY
Looking to build your problem-solving and vulnerability hunting abilities? As an Application Security Analyst, you’ll have the opportunity to use your skills in mobile and web security, application pen testing, and networking protocols to support our public and private sector customers. Working on a team of penetration testing, vulnerability assessment, and risk management experts, you’ll perform web application pentests as well as reverse engineering and vulnerability analysis of both iOS and Android mobile applications, connected wearables, medical devices and cutting edge automotive technologies. Take part in partnerships with other industry leaders and make a meaningful contribution to the security research and testing community. You’ll even be able to leverage your security research prowess and join us in our 5G and baseband security laboratory! Are you ready to help us on our mission to save the world from unsafe mobile apps?
RESPONSIBILITIES
- Perform regular vulnerability assessments, risk assessments, or penetration tests for NowSecure’s customers to include web and mobile applications, wearable devices, API, and IoT.
- Create technically sound and actionable reports for customers informing upon identified vulnerabilities and paths to mitigation.
- Convey technical topics to a variety of audiences including developers and security teams, both internal and external to NowSecure.
- Take the part of a trusted advisor and provide your opinion as a subject matter expert to help our customers navigate business decisions as it comes to risk.
- Develop automation or tooling where necessary to introduce efficiencies into the testing process.
- Demonstrate a resourceful and creative approach to solving technical and procedural problems and build creative solutions.
- Work with a variety of projects which includes short-term engagements and extended program work with long-term customers.
SKILLS AND EXPERIENCE NEEDED FOR SUCCESS
- Bachelor's Degree and three years of work experience, or in lieu of a Bachelor's Degree, 6-8 years of related cyber security work experience will be accepted
- 4+ years experience in penetration testing or vulnerability assessment of web, mobile, or IoT applications/devices
- Deep understanding of security fundamentals (OWASP MASVS, OWASP MSTG), common vulnerabilities, and application security best practices.
- Experience conducting network traffic captures / packet captures (PCAP) including familiarity with proxies such as OWASP ZAP, mitmproxy, Charles, Fiddler, Burp Suite, etc.
- High proficiency in web security analysis, including mapping of the application’s attack surface, vulnerability discovery, exploitation, and attack vector chaining.
- Experience rooting or jailbreaking mobile devices.
- Demonstrated experience with programming and scripting languages such as Python, Ruby, PowerShell, Java, JavaScript, etc.
- Demonstrated familiarity with iOS or Android system internals.
- Strong familiarity with DAST and SAST technologies.
- Solid understanding of TCP/UDP ports and protocols and web requests including POST, GET, HTTP headers, user agents, request parameters, cookies, etc.
- Strong technical writing skills.
- Proficiency with operating systems- Linux, Windows, MacOS.
- Self-starter with the ability to work independently, interface with multiple teams, and willingness to overcome challenging problems while identifying opportunities for improvement.
- Ability to multi-task and context switch to work on multiple project requests in parallel.
- Strong desire to learn and be willing to invest the time necessary to address knowledge gaps.
- Ability to work on a team or independently and be able to prioritize tasks.
DESIRED SKILLS (Stand out from the crowd…)
- Previous professional services or consulting experience.
- Previous red teaming, research or analytics experience.
- Background in system and network security, authentication and security protocols, and applied cryptography is helpful
- Experience using Frida for any type of application security project
- Binary reverse engineering using Binary Ninja, IDA Pro, or Radare (r2).
- Experience with AWS or Google cloud environments preferred with an understanding of its major technologies.
BONUS POINTS (You have our attention…)
- Experience with LTE and GSM protocols.
- Past experience with NowSecure tools.
- Experience with bug bounty and vulnerability disclosure programs.
- Published CVEs.
- Active security certifications, including: OSCP, CHFI, CEH, GPEN, GWAPT, eMAPT, GMOB, CPENT, GXPN
- Advanced relevant academic training, such as a Master’s degree in Computer Science, Computer Forensics, Cyber Security, or related field.
WE VALUE DIVERSITY
We believe that the best ideas come from teams where diverse points of view uncover new solutions to hard problems. We welcome and value team members who bring diverse life experiences, educational backgrounds, cultures, and work experiences.
COMPENSATION & BENEFITS
- The salary band for this position ranges is competitive and commensurate with experience and performance. This position will be eligible for a competitive annual bonus and equity package.
- Comprehensive Medical/Dental/Vision coverage
- 401K Plan + Company Match
- Remote work flexibility
- Home Office Stipend
- Paid Parental Leave
- Flexible PTO
