Job Title

Senior Security Engineer

Job Description

Gotham Digital Science is looking for smart, energetic, and motivated individuals to add to its New York City and Charlotte, NC teams. As a Senior Consultant you will be leading GDS staff in performing the following services:

  • Web and mobile application penetration testing
  • Application source code review
  • Thick client application penetration testing
  • Network penetration testing (external & internal), to include vulnerability exploitation and pivoting to gain remote system access
  • Documenting technical issues identified during security assessments
  • Secure Development Lifecycle consultancy and advisory
  • Vulnerability research and exploit development

GDS provides a challenging and exciting work environment that offers a healthy combination of autonomy and senior level support. Our team publishes books and security blogs, contributes to open source software projects, and are engaged in a variety of continuous security research projects. If you enjoy performing deep technical work in a fun and casual atmosphere, contact us to find out more about joining our team.


The following are expected from potential applicants:

  • 5+ years of experience with penetration testing against a wide variety of application layer platforms, including web, mobile, and thick client above and beyond running automated tools
  • 3-5 years of experience with network/infrastructure penetration testing
  • Security source code review experience in C/C++, C#, VB.NET, ASP, PHP, Ruby or Java
  • Experience with application layer assessment tools, such as local proxies and fuzzers
  • Experience with threat modeling and security design review methodologies
  • A strong understanding of Unix, Windows and network security skills
  • Ability to work both independently and perform as a leader in a team environment
  • Ability to work remotely as part of a distributed team and travel to client sites when required
  • Excellent communication skills in English (both written and oral); able to concisely communicate security risks to both technical and business audiences

The following skills are not required from applicants but would be considered a plus:

  • Development experience as part of an enterprise development team
  • Experience developing custom scripts or tools used for vulnerability scanning and identification
  • Strong grasp of cryptography fundamentals
  • Produced public facing research and/or delivered presentations at well known industry security conferences