Sr. Penetration Tester, Web​/Mobile Apps and Cloud Services

Sr. Penetration Tester, Web/Mobile Apps and Cloud Services

3 days ago Be among the first 25 applicants

This range is provided by TP-Link Systems Inc. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.

$/yr - $/yr

Headquartered in the United States, TP‑Link Systems Inc. is a global provider of reliable networking devices and smart‑home products, consistently ranked as the world’s top provider of Wi‑Fi devices. The company is committed to delivering innovative products that enhance people’s lives through faster, more reliable connectivity. With a commitment to excellence, TP‑Link serves customers in over 170 countries and continues to grow its global footprint.

We believe technology changes the world for the better! At TP‑Link Systems Inc., we are committed to crafting dependable, high‑performance products to connect users worldwide with the wonders of technology.

Embracing professionalism, innovation, excellence, and simplicity, we aim to assist our clients in achieving remarkable global performance and enable consumers to enjoy a seamless, effortless lifestyle.

TP‑Link Systems Inc. is seeking a skilled and proactive Sr. Penetration Tester, Web/Mobile Apps and Cloud Services to lead security initiatives for our cloud service product lines. This role requires deep expertise in assessing and securing complex cloud environments, with the ability to drive security strategies for specific product lines. Responsibilities include conducting advanced penetration testing for dedicated cloud services, performing comprehensive security assessments, architecting and implementing threat models, managing the incident response process for critical vulnerabilities, and integrating security practices throughout the cloud service development lifecycle.

The ideal candidate brings a strong technical foundation, including proficiency in developing custom cloud security tools, advanced vulnerability discovery, and system architecture evaluation, ensuring TP‑Link’s cloud services meet global security standards and compliance requirements.

• Lead advanced penetration testing for entire cloud environments, including web applications, APIs, AI applications, serverless functions, containers, and other cloud‑native services.
• Conduct comprehensive security risk assessments at architecture and functional levels to identify potential security weaknesses across cloud platforms and applications.
• Lead incident response activities and perform in‑depth vulnerability research, overseeing and managing the entire incident response process for cloud environments.
• Guide cloud security certification efforts for various compliance frameworks (e.g., SOC‑2, ISO 27001, GDPR).
• Design and develop advanced security tools and automated testing platforms to enhance cloud security testing accuracy and coverage.
• Drive the integration of security practices throughout the CI/CD pipeline and Dev Ops processes company‑wide.
• Follow up on global cloud security standards and regulations, mentor junior engineers and drive the implementation of security requirements within cloud services.
• Collaborate with teams to develop and deliver cloud and web application security training to development, Dev Ops, and QA teams, ensuring best practices are followed.
• Design and implement secure cloud architectures and conduct security reviews of existing architectures to ensure alignment with industry best practices.

• Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent work experience).
• Proven more than 5 years’ experience as a Security Engineer (Cloud & Web) or in a similar role.
• Deep understanding of cloud security architecture, web application security, API security, and common vulnerabilities, with hands‑on experience in assessing and securing complex cloud systems across multiple platforms.
• Extensive experience with security tools such as Burp Suite, OWASP ZAP, Nmap, Kali, Nessus, Metasploit, and the ability to customize these tools for advanced penetration testing and vulnerability assessments in cloud…