Sr. Offensive Engineer | Web Application Penetration Testing (Remote)

Who is Trace3 ?

Trace3 is a leading Transformative IT Authority, providing unique technology solutions and consulting services to our clients.

Equipped with elite engineering and dynamic innovation, we empower IT executives and their organizations to achieve competitive advantage through a process of Integrate, Automate, Innovate.

Our culture at Trace3 embodies the spirit of a startup with the advantage of a scalable business. Employees can grow their career and have fun while doing it!

Trace3 is headquartered in Irvine, California. We employ more than 1000 people all over the United States. Our major field office locations include Atlanta, Denver, Detroit, Indianapolis, Grand Rapids, Lexington, Los Angeles, Louisville, San Diego, San Francisco, and Scottsdale.

Ready to discover the possibilities that live in technology?

Come Join Us!

Street-Smart - Thriving in Dynamic Times

We are flexible and resilient in a fast-changing environment. We continuously innovate and drive constructive change while keeping a focus on the big picture.

We exercise sound business judgment in making high-quality decisions in a timely and cost-effective manner. We are highly creative and can dig deep within ourselves to find positive solutions to different problems.

Juice - The Stuff it takes to be a Needle Mover

We get things done and drive results. We lead without a title, empowering others through a can-do attitude. We look forward to the goal, mentally mapping out every checkpoint on the pathway to success, and visualizing what the final destination looks and feels like.

Teamwork - Humble, Hungry and Smart

We are humble individuals who understand how our job impacts the company's mission. We treat others with respect, admit mistakes, give credit where it’s due and demonstrate transparency.

We bring the weather by exhibiting positive leadership and solution-focused thinking. We hug people in their trials, struggles, and failures not just their success.

We appreciate the individuality of the people around us.

About the Role :

The Senior Offensive Security Engineer will lead offensive security campaigns for our clients to improve their ability to protect, detect and respond to known adversaries.

This position will reduce cyber risk by uncovering vulnerabilities and weaknesses in our client’s enterprise cyber environment through coordinated ethical hacking and penetration testing scenarios.

The Sr. Engineer will work closely with team members to plan, coordinate, execute and report on sophisticated ethical hacking exercises, to identify cyber vulnerabilities and reduce the risk posture of enterprise systems.

This role will be primarily responsible for performing application and OS security assessments and will make recommendations on effective countermeasures.

A key function of this role will be building deep relationships, gaining trust, and enabling client success.

What You’ll Do :

• Performs client penetration testing to find any vulnerabilities or weaknesses that might be exploited by a malicious party, using open-source, custom, and commercial testing tools
• Assist in development of internal infrastructure design for research, development, and testing focused on offensive security
• Conducts periodic scans of networks to find and detect vulnerabilities
• Lead scoping engagements by clearly articulating various penetration approaches and methodologies to audiences ranging from highly technical to executive personnel
• Report generation that clearly communicates testing and assessment details, results, and remediation recommendations to clients
• Develop scripts, tools, and methodologies to automate and streamline internal processes and engagements
• Conduct IT application testing, cybersecurity tool and systems analysis, system and network administration, and systems engineering support for the sustainment of information technology systems (mobile application testing, penetration testing, application, security, and hardware testing)
• Conduct cloud penetration testing engagements to assess specific workloads (i.e., AWS, GCP, Azure, containers, or other PaaS and SaaS instances) for vulnerabilities and subsequently attempt to exploit identified weakness after receiving permission from client stakeholders
• Provide recommendations to clients on specific security measures to monitor and protect sensitive data and systems from infiltration and cyber-attacks including response and recovery of a data security breach
• Maintain a firm grasp on the industry and anticipate trends and movements while balancing maturity and timing
• Contribute to Trace3’s presence and brand in the Security community

Qualifications & Interests :

• Bachelor’s degree in Engineering in Computer Science or Information Technology or a related technical field; or equivalent related professional experience
• OSCP, OSCE, GXPN, PTX, WPTX, or MASPT certification(s) is a huge plus
• CISSP, CISM, CEH, or THP certification(s) preferred
• Advanced understanding of one or more Unix / Linux / Mac / Windows operating systems
• 6-8 years' experience in at least three of the following : Red Team penetration test tools such as Kali, ParrotOS, Bloodhound, MetaSploit, BurpSuite, OWASP Zap, etcNetwork penetration testing and manipulation of network infrastructureMobile and / or web application assessmentsShell scripting or automation of simple tasks using Perl, Python, Go, Powershell or RubyDeveloping, extending, or modifying exploits, shellcode or exploit toolsDeveloping applications or scripts in C#, ASP, .

NET, ObjectiveC, Go, Java (J2EE), Python, or Ruby

• Experience with at least one or more of the major cloud providers (AWS, Azure, and GCP)
• Expert knowledge of tools used for wireless, web application, and network security testing
• Expert knowledge of current web application structure and strong ability to test both modern and older web applications
• Motivated self-starter who loves to solve challenging problems and feels comfortable working directly with customers
• Excellent oral, written communication, and presentation skills with an ability to present client security sessions and security workshops to C-Level Executives and non-technical audience
• Highly organized, detail-oriented, excellent time management skills, and able to effectively prioritize tasks in a fast-paced, high-volume, and evolving work environment
• Ability to approach customer and sales requests with a proactive and consultative manner; listen and understand user requests and needs and effectively deliver
• Comfortable managing multiple and changing priorities, and meeting deadlines in an entrepreneurial environment

The Perks :

• Comprehensive medical, dental and vision plans for you and your dependents
• 401(k) Retirement Plan with Employer Match, 529 College Savings Plan, Health Savings Account, Life Insurance, and Long-Term Disability
• Competitive Compensation
• Training and development programs
• Wellness Program
• Stocked kitchen with snacks and beverages
• Collaborative and cool office culture
• Work-life balance and generous paid time off
30+ days ago