Senior Offensive Security Engineer; Application Security
Listed on 2026-06-05
IT/Tech
Cybersecurity, Systems Engineer
Full Time Bachelors 7+ Years 3+ Locations
The Company
ISA Consulting is an IT company offering end-to-end solutions in Digital Transformation, Digital Consulting and Business Process Services - supporting all Tech Stacks. Collectively we service a multitude of clients across industries and company verticals. We are a culmination of some of the brightest Full Stack Developers, Data Engineers, Architects, Project Managers, Quality Analysts, Strategists, spanning across multiple time zones.
Job Summary
We are seeking a Sr Offensive Security Engineer (Application Security) to perform offensive security testing of our web applications and services. This role focuses primarily on identifying vulnerabilities in modern web applications, APIs, and cloud services through manual testing, automated tooling, and custom scripts. The ideal candidate is highly technical, comfortable with security tools and code, and stays current with modern attack techniques and emerging vulnerability classes.
This position will work closely with the Application Security team and engineering teams to identify, validate, and help remediate security vulnerabilities before they can be exploited.
- Lead engagements end-to-end with full autonomy
- Perform manual penetration testing of (web) applications and APIs
- Conduct authenticated and unauthenticated testing of internal and external systems
- Contribute to internal testing playbooks and standards
- Identify vulnerabilities such as:
  - Broken access control / IDOR
  - Business logic flaws
  - Misconfigurations
- Use security tools and frameworks including scanners, proxies, and custom scripts
- Develop or modify scripts to automate testing where appropriate
- Validate vulnerabilities identified through automated scanners
- Stay up to date with new attack techniques and emerging vulnerability classes
- Produce clear vulnerability reports including:
  - technical impact
  - proof of concept
- Work with engineering teams to validate and retest fixes
- Assist the AppSec team with improving internal security testing processes
- Perform other duties and responsibilities as assigned to support team, department, and organizational goals.
- Experience with bug bounty or vulnerability research
- Custom exploit or tooling development experience
- Familiarity with CI/CD and DevSecOps testing pipelines
- Experience with cloud environments (AWS / Azure)
- Knowledge of modern frameworks and architectures (microservices, APIs, GraphQL)
- Bachelor's degree in Computer Science, Information Systems, Engineering, a related field, or equivalent work experience.
- 7+ years of hands-on work experience in offensive security / penetration testing
- Strong understanding of web application security
- Experience with source-code-assisted manual testing
- Demonstrated ability to chain vulnerabilities into complex attack scenarios
- One or more: OSCP, OSWE, OSCE (preferred)
- Experience with manual penetration testing
- Familiarity with tools such as: Burp Suite, Nuclei, Nmap, ffuf / dirsearch, sqlmap etc.
- Understanding of common vulnerability classes: OWASP Top 10, SAML / OAuth, authentication / session flaws, access control vulnerabilities, API security issues
- Basic scripting ability (Python, Bash, or similar)
- Strong analytical and troubleshooting skills
This job description may evolve over time. ISA Consulting is dedicated to diversity and inclusion, ensuring a fair workplace for all, regardless of race, color, religion, gender, national origin, age, disability, or any other protected status. (RV)