About The Company
Our firm is a leading private equity and venture capital organization with a global footprint and a reputation for excellence in investment management.
We are committed to fostering innovation, supporting high-growth companies, and maintaining the highest standards of operational integrity.
Our collaborative culture values diversity, continuous learning, and the security of our digital assets.
As we expand our portfolio and digital infrastructure, we are seeking talented professionals to join our team and help safeguard our information systems.
Key Responsibilities
- Perform penetration tests on web apps, APIs, and internal systems; identify and validate vulnerabilities.
- Conduct secure code reviews to detect flaws in critical services (e.g., XSS, SQLi, auth bypass).
- Collaborate with engineering teams to remediate issues and design secure solutions.
- Build and maintain security tools/automation (Python, Go, etc.) to streamline operations.
- Integrate security checks (scans, configs) into CI/CD pipelines.
- Manage and optimize security platforms (WAF, CNAPP, DLP) and monitor alerts/logs.
- Investigate and respond to security incidents; enhance detection rules and response playbooks.
- Promote Secure Development Lifecycle (SDL) practices across teams.
- Stay updated on emerging threats and provide actionable security assessments.
Qualifications
- Bachelor’s degree in Computer Science, Cybersecurity, or a related field.
- 2+ years in application/information security with practical threat experience.
- Strong understanding of OWASP Top 10, common vulnerabilities, and exploitation techniques.
- Hands-on experience with tools (Burp Suite, Nmap, Metasploit, sqlmap, etc.).
- Skilled in manual/automated code reviews (Python, JavaScript, or Java preferred).
- Proficient in Python scripting for tooling and automation.
- Familiar with modern web security architectures and auth protocols (OAuth2, JWT, SAML).
- Strong analytical, communication, and collaboration skills.
Nice to Have
- Experience in DevSecOps or cloud-native security.
- Knowledge of AWS/Azure security or container security (Docker, Kubernetes).
- Contributions to open-source security, bug bounty programs, or CTFs.
- Industry certifications (OSCP, CISSP, CEH, GIAC) a plus.
Job Benefits
- Competitive compensation and performance-based bonuses.
- Comprehensive health and vision insurance plans.
- Generous paid time off and flexible work arrangements.
- Professional development opportunities, including training and certification support.
- Collaborative and inclusive work environment with industry-leading professionals.
- Access to cutting-edge security technologies and resources.
- Opportunities for career advancement within a prestigious global firm.