Associate Offensive Cybersecurity Engineer - Application Focused

What will you be doing?

Evolve Security is looking for an Web and Mobile Application focused Associate Cybersecurity Engineer to join our growing team. This position will assist with the overall successful delivery of various application vulnerability assessments, continuous internal / external penetration assessments, incident response and detection assessments, and other types of security strategy services and architecture reviews.

Responsibilities include:

• Providing cybersecurity guidance and strategy to Evolve Security clients
• Performing technical network penetration testing and application security assessment projects
• Assisting with building internal Evolve Security processes, procedures, templates and methodologies
• Assisting with development of technology that supports the delivery of cyber security services
• Other duties as assigned to help support the growth and expansion of enterprise and academy initiatives

Requirements

Are you the right fit?

• Passionate about cybersecurity with a curiosity to learn
• 1+ years of information technology experience, ideally with a focus on information security
• At least 1 year of experience in web application and mobile app penetration testing in a consulting role
• Strong understanding of web application and mobile app security principles and common vulnerabilities
• Familiarity with common penetration testing tools such as Burp Suite, Acunetix, Nessus and Metasploit
• Knowledge of multiple operating systems (Windows, macOS, Linux)
• Knowledge of the application stack including, web, mobile and API
• Experience with a variety of database technologies such as MSSQL, MySQL, and MongoDBFundamental knowledge and understanding of networking technologies (IP, TCP, UDP, etc.)
• Scripting experience in one of your preferred scripting languages
• A desire to tinker and understand how things work
• Ability to interface with clients, utilizing consulting and negotiating skills
• Strongly self-motivated and able to work independently towards team objectives
• Strong communication skills (oral and written) and ability to work as part of a team

Preferred Qualifications

• Hold at least one of the following certifications: PJPT, PNPT, OSCP, BSCP, CEH, GWAPT, eCPPT, CRTO, GPEN, Security+, ESCP, OSWA, OSWE
• Experience developing web applications, thick clients or mobile apps
• Experience with common web frameworks (Angular, React, and others)
• Actively engages in the community and personal skill development through activities such as: contributing to open-source projects on GitHub, writing about security topics, participating in CTF competitions, engaging with online cybersecurity labs like HackTheBox and TryHackMe, maintaining a personal home lab to sharpen practical skills, and regularly attending meetings of local cybersecurity groups.
• Skilled in functioning effectively within the major cloud platforms

Benefits

Why join us?

• Progressive startup culture in a high growth organization, with minimal bureaucracy
• Engage in a fast-paced and challenging environment with opportunity to grow your talents
• Evolve Security Academy cybersecurity training
• Paid Company Holidays
• Healthcare Benefits

• 401(k) plan with Employer match
• Parental Leave
• Flexible Paid Time Off
• Annual vacation reimbursement
• Education/conference budget

Who is Evolve Security?

Evolve Security is a technology driven cybersecurity services firm headquartered in Chicago, IL. We are dedicated to improving our client’s security posture by providing Continuous Penetration Testing, training services, and talent solutions.

In addition to our professional cybersecurity service offerings, Evolve Security offers a cybersecurity bootcamp, “Evolve Academy”, currently ranked the #1 cybersecurity bootcamp in the world. The Cybersecurity Bootcamp in Chicago provides immersive training, giving students the concrete and practical skills, needed on the job. Students gain real work experience through live security assessment work that they perform on not-for-profit companies.

We are passionate about directly improving our customers’ security posture, and we proudly train others to help meet the need for qualified cybersecurity talent.