Senior Security Engineer​/Pentester

Soft Serve is a global digital solutions company with headquarters in Austin, Texas, founded in 1993. Our associates are currently working on 2,000+ projects with clients in the USA, Europe, and LATAM region. We are about people who create bold things, who make a difference, who have fun, and who love their work.

Critical Services Center of Excellence (CoE) as the subdivision of Soft Serve, is a team of highly professional folks, with the primary focus on technology covering software architecture, startups, and enterprise technologies. Soft Serve transforms business through various levels of security assessment, creating and executing threat scenarios, identifying the security risks, and filling the gaps. We have a proactive approach while consulting our clients on security management and analyzing the entire infrastructure on multiple layers.

In this way, we design an efficient security strategy following the security standards (ISO
27k, CIS Benchmarks, NIST, SOC2, HIPAA, PCI DSS, etc.) and considering the client’s short- and long-term goals.

Our comprehensive solution provides exceptional visibility of analyzed security risks, complies with international standards, helps to pass the compliance certification audits, and gives instructions to achieve the desired level of data protection. Soft Serve Cybersecurity Practice you provides reliable security solutions identifying the security gaps and guiding clients through each step of the improvement process. Being experts in a range of technologies, we find the approach fitting different clients’ needs best in terms of security.

Cybersecurity team members are located in Poland, Ukraine, Spain and other European countries.

• An expert with 5+ years in cybersecurity testing, with practical knowledge across various security domains: mobile security, web assessment, network infrastructure, cloud security (AWS, GCP or Azure), binary security
• Skilled in identifying security vulnerabilities in platforms and providing actionable recommendations to mitigate risks effectively
• Experienced in DAST & SAST & IAST methodologies
• Aware of industry threats, vulnerabilities, and standards: OWASP Top 10/SANS 25, PCI, HIPPA, GDPR and current AI security trends
• A specialist in network protocol analyzing, investigation unknown security vulnerabilities (0-days) or reproducing the known one (1-st days)
• An owner of CISSP, CISA, CEH, OSCP, or other information security certifications (nice to have)
• Showcasing practical experience in AI security (as a win)
• An expert in reverse engineering and exploitation (as an advantage)
• Fluent in English (Upper-intermediate level) and comfortable in a multicultural environment
• Exceptional in both verbal and written communication, capable of leading and influencing virtual teams

• Perform penetration testing for network, infrastructure, and different types of applications: web applications, web services, mobile applications, and thick client applications
• Perform a security audit of application and infrastructure: designs, source code, integration, and security requirements
• Perform Red Team activities, such as social engineering, and simulation of security incidents to assess the effectiveness of the incident response
• Develop and implement threat modeling processes that help identify potential security risks at early stages of development
• Collaborate with development teams to integrate security throughout the SSDLC, promoting secure coding standards and best practices
• Lead and mentor a team focused on application security, providing guidance on secure coding practices, threat modeling, and risk assessments
• Lead the pre-sales and suggest best security approaches based on client`s business need
• Investigate the industry trends, emerging threats, and best practices to continually improve the the security posture

• Cooperate with the world-leading companies and people
• Cover a big range of projects and clients
• Have a variety of projects with different types of needs and requirements
• Work towards giving you a highly independent position with total ownership and accountability, but also support when needed
• Get a great deal of learning and development opportunities along our structured career path
• Work with experts in application security, security engineering and governance risk and compliance.

Soft Serve is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment regardless of race, color, religion, age, sex, nationality, disability, sexual orientation, gender identity and expression, veteran status, and other protected characteristics under applicable law. Let’s put your talents and experience in motion with Soft Serve.

Enjoy our Flexible Workplace - work from home, or in any office of your country!