Careers

Job Title

Senior Security Engineer

Job Description

Gotham Digital Science is looking for smart, energetic, and motivated individuals to add to its New York City and Charlotte, NC teams. As a Senior Consultant you will be leading GDS staff in performing the following services:

  • Web and mobile application penetration testing
  • Application source code review
  • Thick client application penetration testing
  • Network penetration testing (external & internal), to include vulnerability exploitation and pivoting to gain remote system access
  • Documenting technical issues identified during security assessments
  • Secure Development Lifecycle consultancy and advisory
  • Vulnerability research and exploit development

GDS provides a challenging and exciting work environment that offers a healthy combination of autonomy and senior level support. Our team publishes books and security blogs, contributes to open source software projects, and are engaged in a variety of continuous security research projects. If you enjoy performing deep technical work in a fun and casual atmosphere, contact us to find out more about joining our team.

Qualifications

The following are expected from potential applicants:

  • 5+ years of experience with penetration testing against a wide variety of application layer platforms, including web, mobile, and thick client above and beyond running automated tools
  • 3-5 years of experience with network/infrastructure penetration testing
  • Security source code review experience in C/C++, C#, VB.NET, ASP, PHP, Ruby or Java
  • Experience with application layer assessment tools, such as local proxies and fuzzers
  • Experience with threat modeling and security design review methodologies
  • A strong understanding of Unix, Windows and network security skills
  • Ability to work both independently and perform as a leader in a team environment
  • Ability to work remotely as part of a distributed team and travel to client sites when required
  • Excellent communication skills in English (both written and oral); able to concisely communicate security risks to both technical and business audiences

The following skills are not required from applicants but would be considered a plus:

  • Development experience as part of an enterprise development team
  • Experience developing custom scripts or tools used for vulnerability scanning and identification
  • Strong grasp of cryptography fundamentals
  • Produced public facing research and/or delivered presentations at well known industry security conferences