Information Security Engineer Lead (Red Team)

Netskope, Saint Louis, MO
400d

About The Position

The Information Security Engineer Lead (Red Team) at Netskope is responsible for leading a team focused on offensive security operations. This role involves assessing Netskope's products and cloud services from a security perspective, identifying vulnerabilities, and providing recommendations for improvement. The ideal candidate will possess strong technical skills in penetration testing and application security, and will collaborate with various stakeholders to enhance security initiatives.

Requirements

  • 6+ years of experience in penetration testing, application security, and red team operations in high-growth organizations.
  • Understanding of application frameworks and security pitfalls.
  • Proven expertise in web and mobile application penetration testing (DAST and SAST).
  • Experience leading a team of 3-5 members in security testing.
  • Familiarity with tools such as Burp Suite Professional, Metasploit, Tenable, sqlmap, and Nmap.
  • Experience with regulatory compliance like FedRAMP and PBMM.
  • Ability to develop exploits and tooling from vulnerabilities, both pre- and post-exploitation.
  • In-depth knowledge of OWASP Web and Mobile Top 10 vulnerabilities.
  • Good knowledge of TCP/IP and application/network level protocols.
  • Ability to author and issue reports on application and system scans.
  • Exposure to cloud service providers like AWS and GCP.
  • Experience in automating security tasks using Python or other scripting languages.
  • Creative thinking and ability to implement new attack approaches.
  • Relevant university degree and/or professional certifications (e.g., CEH, OSCP, CISSP).
  • Excellent written and verbal communication skills.
  • Self-motivated and knowledgeable about current events.

Responsibilities

  • Act as a Subject Matter Expert (SME) for offensive security technical areas.
  • Perform comprehensive security assessments of web and mobile applications, containers, Kubernetes, thick clients, and cloud environments.
  • Implement SAST, DAST, and SCA processes for security triage.
  • Communicate and collaborate with stakeholders such as engineering, SRE, and QA for security initiatives.
  • Assist in regulatory compliance efforts like FedRAMP and PBMM.
  • Support junior team members in report authoring and day-to-day operations.
  • Recreate proofs of concept from security reports.
  • Support the Product Security Incident Response Team (PSIRT).
  • Automate day-to-day red team tasks.

What This Job Offers

Job Type

Full-time

Career Level

Senior

Industry

Professional, Scientific, and Technical Services

Education Level

Bachelor's degree
