Apply on Employer Site

TP-Link Systems Inc. · 1 week ago

Sr. Penetration Tester, Web/Mobile Apps and Cloud Services

Irvine, CA

Full-time

Onsite

Mid, Senior Level

$100K/yr - $165K/yr

5+ years exp

TP-Link Systems Inc. is a global provider of reliable networking devices and smart home products, seeking a skilled and proactive Sr. Penetration Tester to lead security initiatives for their cloud service product lines. This role involves conducting advanced penetration testing, performing comprehensive security assessments, and integrating security practices throughout the cloud service development lifecycle.

ElectronicsHardwareHealth CareInternetSoftware

No H1B

Responsibilities

Lead advanced penetration testing for entire cloud environments, including web applications, APIs, AI applications, serverless functions, containers, and other cloud-native services

Conduct comprehensive security risk assessments at architecture and functional levels to identify potential security weaknesses across cloud platforms and applications

Lead incident response activities and perform in-depth vulnerability research, oversee and manage the entire incident response process for cloud environments

Lead cloud security certification efforts for various compliance frameworks (e.g., SOC 2, ISO 27001, GDPR, etc.)

Design and develop advanced security tools and automated testing platforms to enhance cloud security testing accuracy and coverage

Drive the integration of security practices throughout the CI/CD pipeline and DevOps processes company-wide

Follow-up on global cloud security standards and regulations, mentoring junior engineers and driving the implementation of security requirements within cloud services

Collaborate with teams to develop and deliver cloud and web application security training to development, DevOps and QA teams, ensuring best practices are followed

Design and implement secure cloud architectures and conduct security reviews of existing architectures to ensure alignment with industry best practices

Qualification

Cloud security architecturePenetration testingSecurity tools proficiencyProgramming languagesSecurity compliance certificationsIncident response managementDevSecOps integrationProactive initiativeLeadership skillsCommunication skillsProblem-solving skills

Required

Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent work experience)

Proven more than 5 years' experience as a Security Engineer (Cloud & Web) or in a similar role

Deep understanding of cloud security architecture, web application security, API security, and common vulnerabilities, with hands-on experience in assessing and securing complex cloud systems across multiple platforms

Extensive experience with security tools such as Burp Suite, OWASP ZAP, Nmap, Kali, Nessus, Metasploit, and the ability to customize these tools for advanced penetration testing and vulnerability assessments in cloud environments

Capability to independently develop or customize penetration testing tools, automation frameworks, and continuous security testing platforms for complex cloud environments

Advanced knowledge of secure coding practices, identifying vulnerabilities across multiple cloud services, and guiding junior engineers in performing such tasks

Proficient in multiple programming languages (e.g., Python, JavaScript, Go, Bash, PowerShell, etc.), with the ability to independently write complex security tools, scripts and exploit code

Expert-level knowledge of major cloud platforms (AWS, Azure, GCP) and their security services, configurations, and best practices