Security Engineer - Penetration Testing

Caseware is one of Canada's original Fintech companies, having led the global audit and accounting software industry for over 30 years, with more than 500,000 users across 130 countries and available in 16 different languages. While you might not have heard of us (yet) over 36,000 accounting and audit professionals list Caseware as a skill on their LinkedIn profiles!
We are seeking an experienced Penetration tester to join our team. This individual is tasked with uncovering vulnerabilities across various systems and applications to safeguard against potential threats. This role spans a comprehensive array of environments, including desktop and cloud infrastructures, web applications, and containerized deployments. A strong grasp of security principles, testing methodologies, and the ability to marry manual and automated detection techniques are critical to the success of this role.

Key Responsibilities:

• Execute continuous tests across desktop, web applications, cloud environments, and container deployments, pinpointing vulnerabilities and security weaknesses.
• Collaborate with numerous teams to weave security testing into the fabric of Caseware
• Work with the organization to deploy mechanisms capable of proactive detection of risk to the organization.
• Maintain and stay up to date with new and emerging threats to Caseware.
• Conduct vulnerability assessments across the organization utilizing tools, tactics, and procedures indicative of both internal vulnerability programs, and external threats.
• Continually educate the organization to emerging threats and risks blending industry standards such as OWASP Top 10, with internal practices and patterns.
• Work with the organization to report on vulnerabilities and their associated remediation plans.

Qualifications and Skills:

• 3+ years of experience in a similar role
• Experience  in penetration testing against cloud platforms, web applications, and workload security
• Experience running, operating, and reviewing SAST, DAST, RASP, tools
• Proficient with commercial and open source tools such as; OWASP ZAP, SonarQube, Github Advanced Security, CodeQL, Checkmarx, Metasploit, Burp Suite, among others.
• A keen understanding of DevOps practices and familiarity with infrastructure as code tools.
• Familiarity or previous experience with TypScript, Javascript,Go, C/C++,C#, Angular
• Expert with scripting languages such as Python, Bash, Powershell
• Familiarity with cloud native security tools and services
• Excellent verbal and written communication skills

Relevant Certification Experience:

• OSCP or GPEN, OSCE or other specializations a plus
• Cloud-specific certifications like AWS Certified Security - Specialty or Microsoft Certified: Azure Security Engineer Associate

Perks & Benefits:

• Contrato a termino Indefinido with all the legal benefits
• Prepaid Medicine
• Life insurance and funeral assistance
• Internet allowance
• Home office stipend
• Competitive compensation — above the market average
• 100% remote work environment and an excellent work-life balance
• Opportunity to work for a growing global SaaS leader company
• A culture that promotes independence, innovation, trust, and accountability
• Open space to be creative innovative and strategize for the future
• Mentorship by a highly experienced professional
• Budget for training: we want you to grow
• 5 Personal Time Off days per year
• Sick Leave Top up to a total of 100% of salary paid by the employer from Day 3 to 90.

About Caseware
Caseware's cutting-edge software products are meticulously designed for accounting firms, corporations, and governments. Our teams are continually collaborating, innovating, and building upon our existing suite of products. With a customer-focused mindset, we are building technology that is shaping what the future of audits, financial reporting, and financial data analytics will look like.
With a recent strategic investment from Hg Capital in 2020, Caseware is now in its next major growth phase as we double down on the people and products that have made Caseware so successful to date.
One of Caseware's core values is Many Voices, One Team and with that in mind, we're dedicated to building teams as diverse as our customers in an equitable and inclusive way. We welcome and encourage candidates of all backgrounds to apply. Should you require accommodations or have any questions at any point during the application or interview process, please e-mail our People Operations team at careers@caseware.com.
Any candidates successful in obtaining an offer for a position will need to successfully complete a background check through Certn.co which typically includes an Identity Verification and Criminal Record Check. Executives and Senior Managers will undergo a Soft Credit Check as well.
#LI-Remote