Sr. Penetration Tester, Web​/Mobile Apps and Cloud Services

About Us:

Headquartered in the United States,
TP-Link Systems Inc. is a global provider of reliable networking devices and smart home products, consistently ranked as the world’s top provider of Wi‑Fi devices. The company is committed to delivering innovative products that enhance people’s lives through faster, more reliable connectivity. With a commitment to excellence, TP-Link Systems serves customers in over 170 countries and continues to grow its global footprint.

We believe technology changes the world for the better! At TP-Link Systems Inc, we are committed to crafting dependable, high‑performance products to connect users worldwide with the wonders of technology.

Embracing professionalism, innovation, excellence, and simplicity, we aim to assist our clients in achieving remarkable global performance and enable consumers to enjoy a seamless, effortless lifestyle.

Overview:

TP-Link Systems Inc. is seeking a skilled and proactive Sr. Penetration Tester, Web/Mobile Apps and Cloud Services to lead security initiatives for our cloud service product lines. This role requires deep expertise in assessing and securing complex cloud environments, with the ability to drive security strategies for specific product lines. Responsibilities include conducting advanced penetration testing for dedicated cloud services, performing comprehensive security assessments, architecting and implementing threat models, managing the incident response process for critical vulnerabilities, and integrating security practices throughout the cloud service development lifecycle.

The ideal candidate brings a strong technical foundation, including proficiency in developing custom cloud security tools, advanced vulnerability discovery, and system architecture evaluation, ensuring TP‑Link's cloud services meet global security standards and compliance requirements.

Key Responsibilities:

• Penetration Testing:
  Lead advanced penetration testing for entire cloud environments, including web applications, APIs, AI applications, serverless functions, containers, and other cloud‑native services.
• Threat Modelling and security assessment:
  Conduct comprehensive security risk assessments at architecture and functional levels to identify potential security weaknesses across cloud platforms and applications.
• Lead incident response activities and perform in‑depth vulnerability research, oversee and manage the entire incident response process for cloud environments.
• Security compliance and certification:
  Lead cloud security certification efforts for various compliance frameworks (e.g., SOC 2, ISO 27001, GDPR, etc.).
• Develop security tools:
  Design and develop advanced security tools and automated testing platforms to enhance cloud security testing accuracy and coverage.
• Dev Sec Ops  Integration:
  Drive the integration of security practices throughout the CI/CD pipeline and Dev Ops processes company‑wide.
• Follow‑up on global cloud security standards and regulations, mentoring junior engineers and driving the implementation of security requirements within cloud services.
• Security Training:
  Collaborate with teams to develop and deliver cloud and web application security training to development, Dev Ops and QA teams, ensuring best practices are followed.
• Security Architecture:
  Design and implement secure cloud architectures and conduct security reviews of existing architectures to ensure alignment with industry best practices.

Qualifications:

• Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent work experience).
• Proven more than 5 years’ experience as a Security Engineer (Cloud & Web) or in a similar role.
• Deep understanding of cloud security architecture, web application security, API security, and common vulnerabilities, with hands‑on experience in assessing and securing complex cloud systems across multiple platforms.
• Extensive experience with security tools such as Burp Suite, OWASP ZAP, Nmap, Kali, Nessus, Metasploit, and the ability to customize these tools for advanced penetration testing and vulnerability assessments in cloud environments.
• Capability to independently develop or customize penetration testing tools,…