GENERAL DESCRIPTION

Technosylva is a leading SaaS company specializing in operational support and risk analytics solutions for wildfires and extreme weather events. Our mission is to reduce the impact of these events by delivering proactive, actionable intelligence that enables better decision-making.

We offer a suite of software solutions specifically designed to mitigate risks associated with both wildfires and extreme weather conditions. These solutions are used by some of the largest investor-owned utilities (IOUs), fire management agencies, and other key organizations across the United States.

Our products help anticipate risk, generate on-demand wildfire spread predictions, and support infrastructure hardening analysis—while also aiding regulatory compliance and reporting processes. Although initially developed for utilities and government agencies, our solutions are rapidly gaining traction in other sectors, such as transmission operators, insurance companies, and emerging industries increasingly exposed to climate risk.

Founded in 1997, Technosylva has been delivering mission-critical solutions for over two decades. In recent years, the company has undergone a transformation and period of rapid growth, now boasting a team of over 180 employees and an international presence in more than 10 countries.

JOB DESCRIPTION

The Application Security Engineer is responsible for using a verity of methods to analyze the security of Technosylva’s web and mobile applications. This includes “hands on keyboard” testing to identify exploitable vulnerabilities, API deficiencies, and flaws within application logic.

You should be capable of penetrating our application to obtaining a foothold, pivoting to relevant systems, and knowledgeable on how to acquire data for exfiltration.

In this role, you will be required to generate detailed reports that includes a narrative on how the attack was performed, a detailed roadmap on how to resolve the vulnerabilities, provide feedback sessions to relevant stakeholders, and work closely with product and engineering throughout the remediation life cycle.

RESPONSIBILITIES

• Researches and remains up to date with emerging threats and threat emulation methodologies. Maintains current knowledge of industry trends and standards in information security.
• Test systems for application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, PL/SQL and injections, race conditions, covert channel, replay, return-oriented attacks, and malicious code),
• Able to chain vulnerabilities, escalate privileges, and use techniques to move laterally.
• Develop reusable scripts for testing and monitoring Technosylva’s application security.
• Create reports and recommendations from your findings, including the security issues uncovered and level of risk.
• Present your findings, risks and conclusions to management and other relevant parties.
• Work with software engineering teams to remediate the findings.
• Be innovative and identify proactive solutions to prevent future vulnerabilities.
• Assumes a leadership role in advocating internally and externally for security measures to protect cloud-based applications and environments.
  
  

REQUIRED SKILLS

• Understand Programming languages (C#, .NET, R, JS, etc.).
• 3+ years of experience performing vulnerability assessments.
• Fundamental understanding of security knowledge of testing mobile, native applications, web applications, and database systems.
• Understand Security assessment tools (such as Kali Linux, Burp suite, Metasploit, Cobalt Strike, Tenable Nessus, Web Inspect, IDA PRO, Wireshark, SQLmap).
• Understand Security frameworks (such as NIST, ISO).
• Understand Operating systems (such as Linux, Unix, Windows).

EXPERIENCIE

• A relevant degree, certification and/or proven operational experience.
• Minimum of 3-4 years in an information security related field.
• Minimum of 2 years of “hands-on-keyboard” pen testing.

SOFT SKILLS

• Technology agnostic mindset with a proven experience to identify and learn new systems, languages and frameworks.
• Strong written and verbal communication skills.
• Enthusiastic positive attitude, yet disciplined and detailed-oriented.
• Familiar with agile working environments including both SCRUM and Kanban.

BENEFITS

• Competitive annual salary.
• Annual bonus based on individual and company performance.
• Flexible working hours.
• Remote work options available.
  
  

DISCLAIMER
Final compensation and benefits will depend on a variety of factors including location, experience, training, qualifications, and market demand.

COMMITMENT TO INCLUSION
Technosylva is an equal opportunity employer. We are committed to fostering an inclusive environment where diverse perspectives lead to better solutions.