Job Description

Job Title: Security Engineer - MPEN
Location : Dallas, TX or Atlanta, GA
Term/ Duration: 6 Months- Contract

Job Description:

Experience Desired: 10+ Years

• Purple Teaming & Manual Penetration Testing
• Conduct manual penetration tests on web applications, APIs, and mobile apps (Android & iOS), simulating real-world attack scenarios and adversary TTPs123.
• Collaborate with internal teams to execute purple team engagements, combining offensive and defensive security techniques to assess and improve security posture1.
• Front-End Testing
• Perform client-side testing in lower environments, focusing on OWASP Top 10 vulnerabilities, business logic flaws, and fraud risks.
• Test production releases, support remediation efforts, and manage identified vulnerabilities throughout their lifecycle.
• API & Backend Testing
• Assess server-side components and application logic for security weaknesses, including data handling, authentication, and authorization vulnerabilities.
• Manual Code Review
• Review source code (when available) to identify insecure logic, flaws, and exposure of sensitive data.
• Collaborate with development teams to integrate security best practices into the SDLC.
• Mobile App Security Testing
• Reverse engineer Android and iOS applications, conduct dynamic and static analysis, and evaluate app, OS, and network-level security controls.
• Identify vulnerabilities unique to mobile environments, including insecure storage, improper platform usage, and exposed sensitive data.
• Task Automation
• Automate repetitive testing and operational tasks to improve efficiency and consistency in security assessments.
• Security Guidance & Collaboration
• Provide threat-based security guidance and education to engineers and business stakeholders.
• Participate in security design reviews, incident response, and post-mortem analysis as needed.

• Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
• Proven experience in manual penetration testing of web applications, APIs, and mobile apps.
• Strong understanding of OWASP Top 10, business logic flaws, and fraud risks.
• Experience with reverse engineering, dynamic/static analysis, and security controls for Android and iOS platforms.
• Proficiency in reviewing source code for security vulnerabilities.
• Familiarity with scripting and automation tools for security testing.
• Knowledge of adversary tactics, techniques, and procedures (TTPs) and the ability to simulate them in testing scenarios.
• Strong communication skills and ability to work cross-functionally with engineering and business teams.
• Relevant certifications (e.g., OSCP, CRTO) are a plus.

Job Tags

Similar Jobs