Solstice Advanced Materials is a leading global specialty materials company that advances science for smarter outcomes. They are seeking a highly skilled and experienced Sr Advanced Cyber Security Architect/Engineer to build and lead their penetration testing program, contributing to technical assessments and mentoring a team of security professionals.
Responsibilities:
- Design, execute, and lead end-to-end penetration tests across a wide range of environments, including web applications, APIs, cloud infrastructure, internal and external networks, and mobile applications
- Conduct penetration testing across software-as-a-service and platform-as-a-service environments, identifying unique risks and attack surfaces specific to cloud-hosted and multi-tenant platforms
- Perform AI and machine learning application security assessments, including testing of large language model applications for vulnerabilities such as prompt injection, model inversion attacks, data poisoning, insecure output handling, and training data leakage
- Simulate real-world adversarial attack scenarios using threat intelligence and red team methodologies
- Conduct vulnerability assessments, threat modeling, and risk analysis across diverse technology stacks
- Develop and maintain custom exploits, scripts, and tooling to support advanced testing scenarios
- Perform social engineering, phishing simulations, and physical security assessments as required
- Architect and build a comprehensive, scalable penetration testing program aligned with recognized industry frameworks, including OWASP, PTES, NIST, and MITRE ATT&CK
- Define penetration testing standards, methodologies, playbooks, and reporting templates
- Establish key performance indicators and metrics to measure the effectiveness and maturity of the penetration testing program
- Serve as the primary point of contact for all internal and external penetration testing engagements
- Collaborate with Engineering, DevSecOps, Information Technology, Risk, and Compliance teams to integrate security testing into the software development lifecycle and continuous integration and delivery pipelines
- Manage relationships with third-party penetration testing vendors and coordinate external assessments
- Present findings, risks, and remediation strategies to executive leadership and technical stakeholders
- Lead, mentor, and develop a team of penetration testers at various skill levels
- Conduct regular knowledge-sharing sessions, red team exercises, and skills development programs
- Define career paths and growth frameworks for the penetration testing team
- Foster a culture of continuous learning and maintain awareness of the evolving threat landscape
- Recruit and onboard new team members as the program scales
Requirements:
- 10+ years of hands-on penetration testing experience in enterprise environments
- Proven experience building or significantly maturing a penetration testing program
- Extensive experience testing software-as-a-service and platform-as-a-service environments and cloud-native applications
- Strong knowledge of OWASP, PTES, NIST 800-115, MITRE ATT&CK, and CVSS frameworks
- Demonstrated experience leading and mentoring technical security teams
- Strong understanding of secure coding practices and software development lifecycle integration
- Experience writing detailed, executive-ready penetration test reports
- Excellent written and verbal communication skills, with the ability to translate complex technical findings for non-technical audiences
- Experience working in regulated industries, such as finance, healthcare, or technology
- Demonstrated understanding of Amazon Web Services, Microsoft Azure, and Google Cloud Platform security models and attack surfaces
- Experience testing containerized environments, including Docker and Kubernetes
- Familiarity with serverless architectures and microservices security
- Experience with API security testing, including REST, GraphQL, and SOAP
- Knowledge of the OWASP Top 10 for LLM Applications
- Understanding of artificial intelligence governance, model risk, and responsible artificial intelligence security principles
- Ability to develop custom test cases for generative artificial intelligence systems
- Commitment to mentorship and developing the next generation of security professionals
- Strong attention to detail, analytical thinking, and problem-solving skills
- Due to compliance with US export control laws and regulations, the candidate must be a US person, defined as a US citizen, a US permanent resident, or a person with protected status in the US under asylum or refugee status
- OSCP (Offensive Security Certified Professional)
- OSCE3 (Offensive Security Certified Expert 3)
- Offensive Security CISSP (ISC)²