Senior Security Engineer – Red Team

This is a fully remote position, open to applicants in Turkey.

📋 Description

• Conducts penetration testing for web and mobile applications, along with internal assessments, source code evaluations, threat analysis, and social engineering tests.

• Provides support to blue teams as necessary.

• Investigates new attack vectors and keeps up-to-date with the latest cybersecurity news and trends.

• Educates Quality Assurance and Development teams on standard security testing practices and secure software development methodologies.

⛳️ Requirements

• Possesses over 4 years of professional experience in web application security.

• Demonstrates hands-on experience in the security testing of web applications, web services, mobile applications, APIs, etc.

• Has experience in securing REST APIs and web services.

• Familiar with using and implementing SAST / DAST tools such as Fortify, Veracode, Checkmarx, or similar tools.

• Capable of conducting penetration tests on information systems utilizing both commercial and open-source exploitation tools.

• Understands standard security vulnerabilities and common remediation strategies as outlined by OWASP, SANS, etc.

• Experienced in secure coding practices and their application within engineering teams.

• Will assist developers in our business units during their Software Development Life Cycle (SDLC) and provide guidance on mitigating emerging threats.

• Will review application source code utilizing static application security testing tools.

• Engaged in security research to stay updated on vulnerabilities and testing tools.

• Will produce detailed, professional documentation and reports that effectively communicate vulnerabilities, mitigation strategies, and remediation steps.

• Able to manage multiple projects simultaneously while demonstrating a commitment to exceptional customer service.

• Exhibits strong written and verbal communication skills in English.

• Programming experience in Python, JavaScript, and PHP is considered a plus.

• Knowledge of scripting (in any language) and experience with automation scripts for application security testing is a plus.

• Familiarity with cloud security concepts, particularly AWS security, is advantageous.

• Certifications such as eWAPTx, OSCP, OSWE, etc., are a plus.

• Capable of thriving in a team-oriented environment.

• Possesses strong critical thinking and analytical capabilities.

• Experienced in conducting white, gray, or black box security posture assessments and delivering comprehensive reports detailing findings and recommendations.

🏝️ Benefits

• Enjoy a monthly meal allowance designed to enhance your daily routine.

• Access comprehensive private health insurance.

• Feed your curiosity with access to Spotify, LinkedIn Learning, Blinkist, MasterClass, Neoskola, and CloudGuru.

• Level up with internal trainings covering AI fundamentals, coding, foreign languages, and a wide range of personal development skills.

• Be part of a diverse team that’s as global as it gets, where every voice is heard and 50+ nationalities build together.

• Become a Shareowner through our eligibility-based “ESOP” and own a piece of what you build.

• Help build the team you want to work with and enjoy rewarding referral bonuses.

• Opportunities to give back to your community through volunteering and purpose-driven social impact projects.

• From global retreats to team-building activities, expect year-round events that turn into lifelong memories.

• Get inspired by the greatest minds in the tech industry through events like our Tech & Dev Talks.

• Work from anywhere in Turkey through our fully remote setup.