Application Security Consultant (NY)
New York City | New York, NY | Full Time
iSEC Partners is looking for security-focused engineers and researchers to join our application security consulting and research practice. Job duties will include penetration testing, security analysis, and cutting-edge research into current technologies and attacks. You will spend most of your day thinking about security systems and how they can break. This is a very creative job that gives individuals a lot of freedom to be clever while learning new technologies at a very fast pace. Typical engagements will pair you with another experienced security consultant who you will learn from and teach along the way. Engagements are usually 2-4 weeks long. In a year, you will be exposed to 15-20 products and technology stacks. Your work will typically initiate person-months of security improvements in products millions of people use. You will have access to senior engineers/architects and your findings/ideas will be heard by senior decision makers. You will have enormous impact in making the software people use safer. All of our consultants are also security researchers, with dedicated research time. Check out some of our research work here:
iSEC Partners is a proven full-service security consulting firm that provides penetration testing, secure systems development, security education, and software design verification. Our security assessments leverage our extensive knowledge of current security vulnerabilities, penetration techniques, and software development best practices to enable our clients to secure their systems against ever-present threats on the Internet.
Primary emphasis is placed upon helping software developers build safe, reliable code. Areas of research interest include application attack and defense, web services, mobile application security, operating system security, privacy, storage network security, and malicious application analysis.
You're someone who loves to dig into things, take them apart, and figure out how they work.
You don't just use computers, but know how they work -- and how to exploit their weaknesses. You know how to make tools to get the job done, not just use them.
You'd enjoy doing cutting edge security research and telling the world about it.
You can deliver clear and concise written and spoken information to clients in a way that will help them improve their security posture.
Bachelor's degree in Computer Science / Engineering or equivalent experience
Significant experience in one of the following, and exposure to two others:
- C/C++ Programming for Windows
- C/C++ Programming for Unix
- Mobile application development (Android/iOS)
- Web application development (Rails, PHP, ASP.NET, etc.)
- Java Programming
- .Net Programming
Strong foundation in the following:
- Computer architecture
- Operating system internals and architecture
- Penetration testing fundamentals
- Incident response forensic experience
- Written and spoken communication skills
- Competitive base
- 401(k) with matching
- Paid independent research time
- Dedicated personal education budget for purchasing tools and training
- Bonuses for research output, such as public speaking at top tier security conferences, tool releases, and whitepapers
- Commuter checks
- Sabbatical plan
- Excellent work environment with some of the best minds in the security field