Overview

We are seeking an experienced and highly skilled Senior Security Engineer with over 5 years of experience in penetration testing and vulnerability management. This role requires deep expertise in identifying, assessing, and mitigating security vulnerabilities across various platforms and systems. The successful candidate will lead security assessments and collaborate closely with cross-functional teams to ensure our organization's security posture is robust. In addition, strong programming skills are essential to automate and streamline testing processes. Knowledge of OWASP, SANS25, CVE, and MITRE frameworks is crucial for this role.

This is an excellent opportunity for a seasoned security professional to make a significant impact on our organization's security posture by leading and enhancing our penetration testing and vulnerability management efforts. If you are passionate about cybersecurity and possess the required skills and experience, we encourage you to apply.

What you'll bring

• Bachelor’s degree in computer science, Information Security, or a related field. Equivalent experience will be considered.

• Minimum of 5 years of experience in penetration testing and vulnerability management.

• Strong understanding of penetration testing and vulnerability management methodologies, procedures, and tools.

• Experience with LLM, Generative AI Models and prompt engineering (OpenAI, Google Gemini, Claude etc.)

• Penetration testing experience with Generative AI applications is a plus.

• Demonstrated experience with vulnerability assessment tools such as Burp Suite, Nessus, Rapid7 Insight AppSec, Appspider, and Metasploit.

• In-depth knowledge of authentication and authorization protocols and technologies such as OAuth, OpenID Connect, SAML, and LDAP.

• Strong understanding of OWASP Web, LLM and Mobile Top 10, SANS25, CVE, and MITRE ATT&CK frameworks.

• Strong programming skills in Python, Perl, or Bash, with a focus on automating security processes.

• Excellent communication and presentation skills, with the ability to articulate complex security concepts to technical and non-technical stakeholders.

• Strong analytical and problem-solving skills, with the ability to prioritize vulnerabilities based on risk.

• Relevant certifications such as OSCP, OSWE, OSEP, CRTE, CRTP are preferred.

How you will lead

• Conduct hands-on penetration testing of Generative AI applications and integrations, web applications, mobile applications, cloud environments, and Thick Client application ecosystems to identify vulnerabilities.

• Lead and manage the penetration testing and vulnerability management program, ensuring thorough planning, execution, and reporting.

• Validate identified vulnerabilities by removing false positives and develop remediation plans in conjunction with relevant teams.

• Utilize knowledge of OWASP Web, LLM and Mobile Top 10, SANS Top 25, CVE, and MITRE ATT&CK frameworks to guide security assessments and threat modeling.

• Work with the product development team and follow up on the security defects.

• Automate penetration testing processes, including onboarding, scanning, and reporting using available toolsets and scripting languages (e.g., Python, Perl, Bash).

• Automate the vulnerability management process and day-to-day tasks.

• Interface with executive leadership and technical staff to communicate findings, strategies, and remediation plans effectively.

• Develop and maintain penetration testing and vulnerability assessment methodologies, procedures, and tools.

• Stay current with the latest security threats, vulnerabilities, and trends, and integrate this knowledge into testing procedures and methodologies.

• Conduct security assessments for third-party vendors and suppliers to ensure compliance with security standards and policies.

• Prepare comprehensive reports and presentations that convey complex security findings to both technical and non-technical stakeholders.

• Collaborate with various teams within the organization, including Product Development, Blue Team, Security Engineering, and Vulnerability Management, to ensure comprehensive security coverage.

• Procure, develop, and maintain an inventory of security tools needed for various operations.

• Identify, collect, and report metrics related to the program's progress, operations, and findings.

• Research and assess new threats and vulnerabilities, providing informed recommendations for mitigating risks.

EOE AA M/F/Vet/Disability. Intuit will consider for employment qualified applicants with criminal histories in a manner consistent with requirements of local law.