Ethical Hacker

The Ethical Hacker is responsible for verifying that our cloud-based Software-as-a-Service (SaaS) web applications are secure. The role involves performing threat modeling, security assessments, and ethical hacking of our web applications. In addition, the Ethical Hacker will produce reports that document the risk of vulnerabilities identified by security assessments and penetration tests for each product team and our auditors.

Are you the teammate that we are looking for?

Who you are:

  • Passionate about information security and privacy

  • An evangelist regarding the importance of information security

  • Well versed in security issues affecting financial service organizations as well as widespread data center operations, such as cloud and mobile technology solutions

  • Committed to an ongoing partnership with other high-profile groups within the organization (e.g. software development, infrastructure) to ensure information security objectives are being understood and embraced

  • Established presence within information security communities

  • Ability to anticipate problems and recommend decisive action

  • Excellent communication skills (both written and oral)

  • Ability to work collaboratively across the organization

  • Values their role as an advisor and business enabler more than their role as a rule enforcer

  • Self-driven, creative, and resourceful

How we work:

  • Casual, collaborative environment which embraces and operates under our shared principles

  • Complete transparency with open, honest discussions about our progress

  • Close working relationships across all areas of the organization

  • Focus on outcomes and learning

What we offer:

  • A strong commitment to Information Security both financially and organizationally

  • An existing talented and passionate Information Security team

  • The chance to meaningfully contribute to a vast market opportunity

  • A collaborative environment where our security team is empowered to help steer the direction of the team

  • A place to contribute your security knowledge company-wide through forum panels with our product development team

  • Annual training allowance to learn new things and bring it back to the team.

  • Flexible remote work schedule

What you bring:

  • 2-5 years of hands-on experience with full-stack web development, with experience in client-side programming (HTML, JavaScript, CSS, AJAX) and SQL

  • Bachelor's/Master's degree in InfoSec, Computer Science, or a related discipline, or the ability to obtain industry-relevant cybersecurity certifications such as CSSLP, CISSP, CCSP, OSCP, or CEH, is a plus

  • Ability to perform both manual and automated code reviews

  • Solid understanding of object-oriented programming concepts

  • Solid understanding of OWASP and other software security best practices

  • Familiarity with security and testing tools such as Burp Suite

  • Experience with threat modeling and security design review methodologies

  • Knowledge of the software development lifecycle and the ability to create and read code in a modern object-oriented programming language (such as or Python) and to write SQL scripts and web code (HTML/CSS/JavaScript/etc.)

  • Experience in one of the scripting languages Python, Ruby, Perl, PHP

  • Experience in assessing security of native and hybrid mobile applications beyond the use of automated tools

  • Experience interpreting results from Static Code Scanning tools

  • Strong knowledge of Security Token Services, Federated Identity Providers, SAML 2.0, claims-based security and other SSO technologies

During the last three months, you would have:

  • Evaluated security threats, assessed the potential impact to the business, and implemented strategies to detect and generate alerts on security incidents

  • Performed threat modeling, ethical hacking (both automated and manual), and security assessments on our web and mobile applications.

  • Worked collaboratively with IT and Software Development to continually improve our security posture.

  • Calculated risk and created reports that documented our current risk of vulnerabilities identified from penetration tests for a variety of product teams.

  • Handled escalations quickly and worked closely with our product teams to verify that any identified vulnerabilities were addressed
