Glocomms is partnered with an innovative FinTech firm seeking a Senior Offensive Security Engineer to spearhead proactive security testing initiatives. This position will be instrumental in designing and implementing a robust security testing program focused on identifying and mitigating vulnerabilities in the firm's client-facing and internal applications, including Web/APIs, blockchain applications, data lakes, and advanced trading architectures. As a key member of the Product Security team, you will collaborate closely with software engineering, SRE, and security operations teams to ensure that our products are secure by design and in operation.
Responsibilities:
- Lead the design and implementation of the security testing program, collaborating with the Director of Product Security and other team members.
- Conduct penetration testing of high-priority features and applications.
- Drive adversarial testing campaigns based on threat intelligence and advanced techniques to uncover vulnerabilities in products and infrastructure.
- Perform security-focused code reviews and manual testing of security features such as authentication and authorization.
- Develop and maintain a repository of methods and scripts for ethical adversarial testing, continually updating them to address emerging threats.
- Develop a deep understanding of the technical architecture and business functionality of security engineering to protect digital asset technology products.
- Advocate for security testing within software engineering and product teams, fostering a security-first mindset.
- Provide guidance to development and SRE teams on vulnerability mitigation and secure product development.
- Stay informed of the latest developments in adversarial tactics, techniques, and application vulnerabilities, particularly in the FinTech and digital asset space, and adapt testing strategy and tooling accordingly.
Key Requirements:
- B.S. in Computer Science or relevant technical discipline.
- Security certification in cybersecurity testing, network security, or application security (e.g., OSWE, OSCP, OSWA, or equivalent).
- 5+ years of experience in security research and web penetration testing, ideally in the FinTech sector.
- 3+ years of experience with cloud and container architectures.
- Strong code review skills and proficiency with languages such as Java, C++, Python, or similar.
- Experience with automated security testing tools (e.g., DAST, SAST, SCA) in an enterprise environment.
- Strong attention to detail, with the ability to plan and execute tests on a wide range of systems and applications.
- Excellent communication skills and the ability to collaborate effectively with cross-functional FinTech teams.
- Ability to think creatively and strategically to identify flaws and vulnerabilities; confidence and communication skills to drive mitigation.
Nice to Haves:
- Knowledge of cryptocurrency, trading, and derivatives financial products.
- Familiarity with multi-participant approvals such as MPC and multi-signature.
This is not an entry-level position. Candidates should have demonstrated experience spearheading product security initiatives, with a special focus on web application and network penetration testing.
This role is open to candidates located in (or willing to relocate to) the New York City Metropolitan Area.