Assess and ensure the security of client applications through penetration testing and compliance checks, providing recommendations and reporting risks.
JOB DUTIES: Assess the security and compliance of various types of client applications and supporting infrastructure against regulatory and industry requirements and standards, as well as security best practice frameworks using knowledge of Application penetration testing and assessment tradecraft and methodologies (including browser-based, API, thick client, and Mobile); Security principles, policies, and industry best practices; compliance frameworks (PCI DSS, FedRAMP, HIPAA); testing against one or more IT security compliance frameworks, such as PCI, FISMA, HIPAA, FedRAMP, or HITRUST; Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), Software Assurance Maturity Model (SAMM), National Institute of Standards and Technology (NIST) Special Publications, and PTES (Penetration Testing Execution Standard). Test computer programs and systems, including coordinating security tests in a team setting. Conduct Application Penetration Testing (Browser-based, API, Mobile, IoT), Threat Modeling, and Source Code Reviews. Develop, document, and revise test procedures and quality standards for computer IT security systems. Use computers in the analysis of security risks, such as exploitable vulnerabilities. Write reports regarding client security, make recommendations for improvements, and communicate them to the client. Confer with clients regarding the nature of known security risks and mitigating controls. Train staff and users to work with computer systems and programs related to IT security. Provide staff and users with assistance solving computer-related security problems, such as malfunctions and program problems. Use and review code in object-oriented programming languages, as well as client and server applications development processes and multimedia and internet technology regarding security risks.
Review and analyze computer printouts and performance indicators to locate code problems and communicate problems to developers.
RATE OF PAY: $143,500.00 to $148,500.00 per year. The employer will pay or exceed the prevailing wage, as determined by the U.S. Department of Labor.
REQUIREMENTS: Bachelor of Science in Comp Science/Systems Engineering, Information Systems/Assurance, Cybersecurity, or closely related field and five (5) years of experience in the position offered or as an Information Security Analyst. Experience must include at least five years’ working knowledge of: Application penetration testing and assessment tradecraft and methodologies (including browser-based, API, thick client, and Mobile); Security principles, policies, and industry best practices; compliance frameworks (PCI DSS, FedRAMP, HIPAA); testing against one or more IT security compliance frameworks, such as PCI, FISMA, HIPAA, FedRAMP, or HITRUST; Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), Software Assurance Maturity Model (SAMM), National Institute of Standards and Technology (NIST) Special Publications, and PTES (Penetration Testing Execution Standard). Position is eligible to telecommute 100% of work schedule. Domestic travel requirement of up to 10% of work schedule.
LOCATION OF EMPLOYMENT: 330 N Wabash Ave, Suite 1430, Chicago, IL 60611. Position is eligible to telecommute 100% of work schedule.
Top Skills
Application Penetration Testing
Compliance Frameworks
FedRAMP
HIPAA
NIST Special Publications
OSSTMM
OWASP
PCI DSS
PTES
SAMM
Coalfire Westminster, Colorado, USA Office
11000 Westmoor Circle, Westminster, CO, United States, 80021
Coalfire Greenwood Village, Colorado, USA Office
8480 E Orchard Rd, Greenwood Village, CO, United States, 80111