Security Test Lead
Laserfiche is a world leader in software for content management, business process automation, and productivity-boosting data analytics. With users spanning more than 80 countries, in nearly every industry—including government, education, financial services, and healthcare—Laserfiche solutions make organizations smarter, more collaborative, more efficient and more effective. At Laserfiche, we don’t just build software, we transform the enterprise.
Delivering on that promise of flexible, easy-to-use, enterprise-scale, secure content management and business process automation software comes with a plethora of exciting and technically complex challenges. That's where you come in.
The Security Test Lead is responsible for leading a team of developers and testers dedicated to all variations of security testing from Penetration Testing and Application Security Testing to Fuzz testing and static code analysis. You will work with over a dozen different product teams to help them ensure their products, features, and processes are secure.
- Work with many scrum teams to ensure best practices are followed
- Manage our relationship with an external security test vendor
- Execute automated and manual analysis of systems and applications in an effort to identify security flaws
- Proactively find security vulnerabilities, test responses, and strengthen security offerings through coordinated simulated attacks against Laserfiche products and resources, using pre-defined and approved tests
- Independently conduct pen tests, and suggest improvements to the testing process.
- Detect and exploit vulnerabilities manually, and develop tools and techniques to assist the team with improving skills and capabilities.
- Grow a team of security experts who can support Laserfiche's many scrum teams and product areas
- Build and lead projects that contribute towards Laserfiche's long-term Security goals
- Mentor junior engineers and help level-up their deep understanding of Application Security
- Define security test strategies for complex systems
- Identify security vulnerabilities
- Develop powerful security tools
- Build secure automation systems
- Educate and integrate security in a non-blocking way throughout the development cycle
- Develop relationships with engineering teams to deeply understand their application security needs
- Evangelize application security and secure coding practices throughout Laserfiche's engineering
- Review code and hunt for security vulnerabilities before we release products
- Champion security initiatives to senior management, product leads, and engineers
What You'll Need:
- 5+ years of experience in Information Security roles such as Security Lead, Penetration Tester, Incident Response, etc.
- Exceptional knowledge of security testing methodologies, tools, and processes
- Demonstrable experience with security testing of both on-premises and cloud-based services
- Awareness of and experience with industry standard tools and best practices
- Experience in advanced computing concepts such as application architecture and network segmentation
- Deep understanding of at least one of the following domains: encryption/encoding, binary exploitation, DB injections (SQLi/NoSQLi), file includes (LFI/RFI), deserialization attacks, OSINT methodology, container breakouts, Wi-Fi attacks, reverse engineering, IoT hacking
- Generalist Certifications such as CISSP, SANS certifications (GSEC/GCIH/GICSP/etc.)
- Specialist Certifications such as Offensive Security (OSCP/OSCE/etc.) and/or SANS (GPEN/GWAPT/GXPN/etc.)
- Excellent verbal and written communication skills to clearly communicate the implications and impacts of vulnerabilities
- Experience with mentoring junior members, providing constructive, individualized feedback
Laserfiche complies with all Equal Opportunity and Affirmative Action regulations. Laserfiche makes all employment decisions – such as recruiting, hiring, training, promotion, compensation, professional development practices, discipline and termination – without regard to race, religion, color, national origin, ancestry, citizenship, sex, pregnancy, age, creed, physical or mental disability, medical condition, genetic characteristic, marital status, veteran status, gender identity/expression, sexual orientation or any other characteristic protected by law, except as may be permitted by law.
***Please note that this is NOT a remote role***