Security Engineer Overview: Two Barrels is hiring a Security Engineer for $175,000/year. You will be a traditional company employee. This is a full time 40 hour/week position with company benefits. This is a remote position. Our main office is in Spokane WA, and we have satellite offices in Austin TX and Salt Lake City UT. We are expanding our team to include a Security Engineer to be 100% focused on our security efforts. As the right candidate, you will have experience working in-house as a full-time penetration tester, a regular 3rd party bug bounty program pen tester, or in a similar security type role. Your job will be to identify our vulnerabilities to help keep our information safe and secure. Location: Remote | Spokane – Austin – SLC | Duration: Full Time Wage: $175,000/year Responsibilities: Understand and safely use various open source penetration testing tools and when appropriate, emulating hacker tactics, techniques, procedures Create security vulnerability reports for both technical and executive audiences While in-between assessments, you will be expected to help our security engineers think through solutions to problems you find Automate tasks and script at a basic level to enhance penetration testing processes Passion for learning new technologies and processes, and contributing to refining existing capabilities Communicate with stakeholders (technical and non-technical), both verbal and written Stay up to date on 0 day exploits for tech stacks we use Minimum Qualifications: Solid fundamentals in webapp and network pentesting (2+ years). Pentesting experience in mobile apps, APIs, and/or cloud environments a bonus Experience with Linux, cloud environment testing as well as Ruby and Python web frameworks Understanding of security issues for desktop, virtual, cloud services and network infrastructures Working knowledge of information systems security standards/practices (e.g., access control and system hardening, system audit and log file monitoring, security policies, and incident handling) Experience with secure network protocols and encryption of communications between networked hosts Experience in IT systems and security policies, standards, industry trends, and techniques Experience with assessing APT threats, Penetration Testing, Vulnerability Management, attack methodologies, forensics analysis techniques, malware analysis, attack surface comprehension, Cyber Threat Emulation operations, Cyber Advanced Threat Emulation Team operations and research, identification, and/or verification of new APT TTPs Fundamental understanding of security knowledge of testing mobile, native applications, web applications, distributed and database systems Must be detail-oriented and possess strong problem-solving skills and ability to analyze for potential future issues Solid understanding of common webapp vulnerabilities, exploitation techniques, and remediation options Why you might like this job: You’ve changed a price on a website you were checking out on to see if it worked. You’ve messed around where you shouldn’t have and you’ve always thought it would be fun to do that full time in a way that didn’t make you feel like an evil person or that karma would catch up to you. Maybe you’ve messed with folks in the past too much and want to earn some good karma points by helping us secure our high volume software and systems. #BI-Remote Benefits: Great Wage WFH comfort package & company provided equipment 22 days paid time off (29 days after 3 years. Flexible time off after 5 years!)+ 4 paid holidays 4% retirement matching through Fidelity 100% employer-paid medical, dental and vision for employees Maternity and Paternity Leave Flexible hours Coffee shop next door Crappy parking? Oh, I mean a cool downtown location for easy public transportation options… Apply Now #J-18808-Ljbffr
API web-frameworks Vulnerability management Python network-protocols encryption automation Linux scripting mobile-applications Security penetration-testing open-source Ruby