Security Engineer - Dallas - Associate

About The Position

Requirements

• 3 or more years’ experience in one or more technical roles (focusing on application security and cloud security).
• Prior experience in performing Threat Modeling or Secure Design Reviews or Secure Architecture Reviews.
• Knowledge of most common Application Security vulnerabilities - e.g., OWASP Top 10 and cloud security gaps.
• Familiarity with Security standards such as OWASP Testing Guide, OWASP ASVS, NIST, and SANS Top 20.
• Common security controls and how they apply to different designs and systems, including but not limited to secure authentication, access controls, encryption (at rest/in transit), IDS/IPS, DLP, malware, etc.
• Experience in application vulnerability assessment and penetration testing of web, thick-client, or mobile applications.
• Working knowledge of application security tools such as fuzzers, scanners, debuggers, decompilers, proxies, simulators, etc.
• Familiarity with modern and common web stack technologies (e.g., HTTP, HTML5, AJAX, REST, etc.) and platforms (e.g., DropWizard, Spring Boot, AngularJS, React, Tomcat, .Net, Sybase, MS SQL, MongoDB, etc.).
• Familiarity with common cloud services, recommended security best practices, and secure deployment patterns. AWS is preferred.
• Understanding of core cryptography concepts (Encryption, Hashing, HMAC, digital signatures) and how they are applied and attacked in web applications (e.g., TLS attacks, CBC attacks).
• Ability to analyze protocols (OAuth, SAML, OIDC), flows, and interactions in a system design to evaluate gaps.
• Ability to identify threats, abuse cases, and gaps in the design before it is implemented.
• Good written and oral communication to be able to articulate risks to both technical and management stakeholders.

Nice To Haves

• Experience in crafting custom proof-of-concept application exploits using testing tools/frameworks or scripting exploits in Python, Perl, JavaScript, Shell scripting, etc.
• Knowledge of network, application, and operating system security risks.
• MS. in Computer Science, System/Computer Engineering, Cyber-Security, or Information Security.
• Experience or training in related disciplines, e.g., computer science, computer security, software development, system design, open-source frameworks, encryption schemes, etc.
• Experience doing architecture review of Mobile applications.
• Strong experience with AWS security services and best practices (e.g., IAM, Security Groups, KMS, CloudTrail, GuardDuty, Inspector).
• Experience securing trading and payments platforms, including knowledge of relevant compliance requirements (e.g., PCI DSS).
• Experience with infrastructure-as-code tools such as Terraform, CloudFormation or AWS CDK.
• AWS certifications (e.g., AWS Certified Security – Specialty).

Responsibilities

• Perform software architecture design reviews for on-premise or cloud deployments, with a focus on AWS.
• Serve as an Application security liaison for the developers and architects in the respective Business Unit.
• Review security assessment reports from pentest and code review engagements.
• Conduct Read-out Calls with the business to articulate risk and recommend a mitigation strategy.
• Develop secure architecture design patterns, particularly for cloud-native applications on AWS.
• Leverage and integrate AI/LLM-driven tools to streamline security review workflows
• Mentor other junior members of the team.

Benefits

• Benefits
• Wellness offerings
• Personal finance offerings
• Mindfulness programs
• Training and development opportunities
• Firm-wide networks
• Reasonable accommodations for candidates with special needs or disabilities