Careers

Job Title

Security Engineer

Job Description

Gotham Digital Science is looking for smart, energetic and motivated individuals to add to its New York City and Charlotte, NC teams. As a Consultant you will be performing the following services:

  • Web and mobile application penetration testing
  • Application source code review
  • Network penetration testing (external & internal), to include vulnerability exploitation and pivoting to gain remote system access
  • Documenting technical issues identified during security assessments
  • Secure Development Lifecycle consultancy and advisory
  • Vulnerability research and exploit development

GDS provides a challenging and exciting work environment that offers a healthy combination of autonomy and senior level support. Our team publishes books and security blogs, contributes to open source software projects, and are engaged in a variety of continuous security research projects. If you enjoy performing deep technical work in a fun and casual atmosphere, contact us to find out more about joining our team.

Qualifications

The following are expected from potential applicants:

  • 2+ years of experience with penetration testing against web and mobile application layer platforms, above and beyond running automated tools
  • 1-2 years of experience with network/infrastructure penetration testing
  • Development and/or source code review experience in C/C++, C#, VB.NET, ASP, PHP, Ruby or Java
  • Familiarity with application layer assessment tools, such as local proxies and fuzzers
  • Familiarity with threat modeling and security design review methodologies
  • A good understanding of Unix, Windows and network security skills
  • Ability to work both independently and perform as a leader in a team environment
  • Ability to work remotely as part of a distributed team and travel to client sites when required
  • Excellent communication skills in English (both written and oral); able to concisely communicate security risks to both technical and business audiences

The following skills are not required from applicants but would be considered a plus:

  • Degree in Computer Science, Information Systems, Engineering or related major
  • Experience working as part of an enterprise development team
  • Experience developing custom scripts or tools used for vulnerability scanning and identification
  • Experience with client/server thick client penetration testing
  • A good understanding of cryptography fundamentals
  • Produced public facing research and/or delivered presentations at well known industry security conferences