Sr. Penetration Tester, Web​/Mobile Apps and Cloud Services

Sr. Penetration Tester, Web/Mobile Apps and Cloud Services

TP-Link Systems Inc. is a global provider of reliable networking devices and smart home products. We are seeking a skilled and proactive Sr. Penetration Tester to lead security initiatives for our cloud service product lines. This role requires deep expertise in assessing and securing complex cloud environments, with the ability to drive security strategies for specific product lines. Responsibilities include conducting advanced penetration testing for dedicated cloud services, performing comprehensive security assessments, architecting and implementing threat models, managing the incident response process for critical vulnerabilities, and integrating security practices throughout the cloud service development lifecycle.

The ideal candidate brings a strong technical foundation, including proficiency in developing custom cloud security tools, advanced vulnerability discovery, and system architecture evaluation, ensuring TP‑Link's cloud services meet global security standards and compliance requirements.

• Lead advanced penetration testing for entire cloud environments, including web applications, APIs, AI applications, serverless functions, containers, and other cloud-native services.
• Conduct comprehensive security risk assessments at architecture and functional levels to identify potential security weaknesses across cloud platforms and applications.
• Lead incident response activities and perform in-depth vulnerability research, overseeing and managing the entire incident response process for cloud environments.
• Lead cloud security certification efforts for various compliance frameworks (e.g., SOC 2, ISO 27001, GDPR, etc.).
• Design and develop advanced security tools and automated testing platforms to enhance cloud security testing accuracy and coverage.
• Drive the integration of security practices throughout the CI/CD pipeline and Dev Ops processes company‑wide.
• Follow up on global cloud security standards and regulations, mentoring junior engineers and driving the implementation of security requirements within cloud services.
• Collaborate with teams to develop and deliver cloud and web application security training to development, Dev Ops, and QA teams, ensuring best practices are followed.
• Design and implement secure cloud architectures and conduct security reviews of existing architectures to ensure alignment with industry best practices.

• Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent work experience).
• More than 5 years’ experience as a Security Engineer (Cloud & Web) or in a similar role.
• Deep understanding of cloud security architecture, web application security, API security, and common vulnerabilities, with hands‑on experience in assessing and securing complex cloud systems across multiple platforms.
• Extensive experience with security tools such as Burp Suite, OWASP ZAP, Nmap, Kali, Nessus, Metasploit, and the ability to customize these tools for advanced penetration testing and vulnerability assessments in cloud environments.
• Capability to independently develop or customize penetration testing tools, automation frameworks, and continuous security testing platforms for complex cloud environments.
• Advanced knowledge of secure coding practices, identifying vulnerabilities across multiple cloud services, and guiding junior engineers in performing such tasks.
• Proficient in multiple programming languages (e.g., Python, JavaScript, Go, Bash, Power Shell, etc.), with the ability to independently write complex security tools, scripts and exploit code.
• Expert‑level knowledge of major cloud platforms (AWS, Azure, GCP) and their security services, configurations, and best practices.
• Relevant advanced security certifications (e.g., OSCP, OSWE, CISSP, AWS/Azure/GCP security certifications) are highly preferred.
• CVE IDs involving critical vulnerabilities in web or cloud environments, as well as published relevant papers or patents, are prioritized.

• Strong leadership and mentoring skills with the ability to guide cloud security teams.
• Excellent cross‑functional communication…