Vulnerability Management: Perform deep-dive manual penetration testing and security assessments on web applications to identify flaws beyond the reach of automated tools.
Tool Orchestration: Triage and manage results from SAST (Static), DAST (Dynamic), and SCA (Software Composition Analysis) tools, reducing false positives and prioritizing critical risks.
Code Review: Conduct thorough security code reviews of Node.js applications to identify logic flaws, injection vulnerabilities, and broken access controls.
Automation: Develop Python scripts to automate repetitive security tasks, integrate security checks into CI/CD pipelines, and enhance our internal security tooling.
Remediation & Partnership: Act as a security consultant for developers, tracking vulnerabilities from discovery through to successful remediation and verification.
Standardization: Stay current with the OWASP Top 10 and other industry frameworks to ensure our defense strategies evolve with the threat landscape.

Requirements

Experience: 5+ years in Application Security, Pentesting, or Security Engineering.
Technical Core: Expert knowledge of the OWASP Top 10 and common web attack vectors (XSS, SQLi, SSRF, etc.). Must be able to explain the root cause and remediation of all OWASP vulnerabilities. Experience with testing AI/LLM applications, with a deep understanding of all OWASP LLM Top 10 vulnerabilities.
Development: Proficiency in reading and auditing Node.js code; ability to write automation scripts in Python.
Testing Tools: Experience with Burp Suite Professional, OWASP ZAP, and commercial SAST/DAST/SCA platforms.
Soft Skills: Excellent communication skills with the ability to explain complex security concepts to non-security stakeholders.

Benefits

💻 Work from home with a remote-first community
🏝 Unlimited PTO (and the encouragement to use it)
📝 Student loan payback program
🏥 100% employer-covered medical, dental, and vision options available to you and your dependents
💸 Flexible Spending Account (FSA)
🏠 Monthly stipend toward your WFH setup, vacation, development and more
💰 Employer-sponsored 401(k) with contribution match
🏋🏻‍♀️ Subsidized ClassPass Membership
🍼 Generous Paid Parental Leave

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

penetration testingsecurity assessmentscode reviewNode.jsPythonautomation scriptsOWASP Top 10web attack vectorsremediationsecurity tooling

communication skillsconsultingcollaborationproblem-solvingexplanation of complex concepts