Coalfire Logo

Coalfire

Consultant, Application Security Penetration Tester

Posted 15 Days Ago
Remote
Hiring Remotely in United States
Mid level
Remote
Hiring Remotely in United States
Mid level
The Consultant will perform application security assessments, identify vulnerabilities, conduct API security testing, and collaborate with development teams to integrate security into the development lifecycle.
The summary above was generated by AI

About Coalfire


Coalfire is on a mission to make the world a safer place by solving our clients’ hardest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Denver, Colorado with offices across the U.S. and U.K., and we support clients around the world.


But that’s not who we are – that’s just what we do.

 

We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference.


Coalfire’s AppSec team is composed of highly specialized application security testers.  Not only are we hackers, but trusted advisors, where true consultancy shines through. At Coalfire, we take pride in being a partner to our clients.  On our AppSec team, you work individually, but also in large groups depending on engagements. Come join our fun team where you can showcase your abilities, deepen your technical skills, expand your knowledge, be mentored while mentoring others, and have a great time while doing it.

What You'll Do

  • Perform application security assessments using penetration testing, threat modeling, and code review techniques.
  • Identify and remediate security vulnerabilities in web applications, APIs, cloud environments, and enterprise systems.
  • Conduct API security testing (SOAP, REST, GraphQL) and evaluate authentication/authorization mechanisms.
  • Analyze network security controls, including firewalls, SSL/TLS, encryption, and VPN configurations.
  • Collaborate with development teams to integrate security into the Secure Development Life Cycle (SDLC).
  • Conduct code reviews across various languages to identify security flaws and vulnerabilities.
  • Work with cloud security testing methodologies and ensure compliance with security standards.
  • Provide clear, well-written reports with actionable recommendations.
  • Consult with clients to explain findings, address security concerns, and provide remediation guidance.
  • Support mentorship and knowledge sharing within the team.
  • Lead and support penetration testing projects from start to finish.
  • Contribute to thought leadership through blog posts, conference talks, and R&D initiatives.
  • Stay up to date with security policies, industry best practices, and emerging threats.

What You'll Bring

  • A sense of humor and a good collection of memes and GIFs!
  • Strong knowledge of OWASP Top 10 and ability to explain vulnerabilities and attack vectors.
  • Hands-on experience with web application security testing and exploits.
  • Proficiency in Linux, VMWare, and GitHub for security assessments.
  • Working knowledge of popular web technologies like .NET, Java EE, Node.js, Rails, or JavaScript.
  • Familiarity with code scanning and dynamic analysis tools.
  • Expertise in API security testing and protocol handling.
  • Experience working with cloud security principles (AWS, GCP, Azure).
  • Understanding of IAM policies and security configurations in cloud environments.
  • Strong problem-solving and critical-thinking skills.
  • Ability to work independently and collaborate with teams effectively.
  • Strong time management and ability to meet deadlines.
  • Excellent verbal and written communication skills - able to explain findings to technical and non-technical stakeholders.
  • Open to constructive feedback and continuous learning.
  • A passion for mentorship and knowledge sharing.
  • A client-centric mindset with a high level of professionalism and collaboration.
  • Bachelor’s degree (four-year college or university) or equivalent combination of education and work experience.

Bonus Points

  • Experience with AWS security concepts (IAM, STS, security controls, serverless architectures).
  • Hands-on experience with AWS services like S3, SQS, SNS, Lambda, and API Gateway.
  • Familiarity with DevSecOps, CI/CD security, and infrastructure automation.
  • Experience in mobile security (iOS/Android) and IoT testing.
  • Deep understanding of network and host-based penetration testing methodologies.
  • AWS Cloud Practitioner
  • AWS Certified Security - Specialty
  • Offensive Security Certified Professional (OSCP)

Why You’ll Want to Join Us


At Coalfire, you’ll find the support you need to thrive personally and professionally. In many cases, we provide a flexible work model that empowers you to choose when and where you’ll work most effectively – whether you’re at home or an office.


Regardless of location, you’ll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. You’ll have opportunities to join employee resource groups, participate in in-person and virtual events, and more. And you’ll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support membership, and comprehensive insurance options.


At Coalfire, equal opportunity and pay equity is integral to the way we do business. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Coalfire is committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation to participate in the job application or interview process, our Human Resources team at [email protected].

Top Skills

.Net
AWS
Azure
GCP
Git
Java Ee
JavaScript
Linux
Node.js
Ruby on Rails
VMware

Similar Jobs

Yesterday
Remote
United States
Senior level
Senior level
Cloud • Security • Cybersecurity
The Senior Consultant leads application security engagements, performs penetration testing, contextualizes vulnerabilities, mentors teammates, and supports clients in improving security posture.
Top Skills: APIsApplication Penetration TestingCloud TestingMobile Application TestingProgramming LanguagesSecurity PrinciplesWeb Application Testing
Yesterday
Remote
Hybrid
United States
Mid level
Mid level
Artificial Intelligence • Cloud • Information Technology • Sales • Security • Software • Cybersecurity
The Product Security Consultant opens and manages security product deployments, advises on best practices, and automates solutions for customers. Responsibilities include documentation, scripting, and providing pre-sales support.
Top Skills: AWSGoogle Cloud PlatformGrcIdsIpsAzurePowershellPythonSIEMSQL
Yesterday
Easy Apply
Remote
2 Locations
Easy Apply
157K-217K Annually
Senior level
157K-217K Annually
Senior level
Artificial Intelligence • Fintech • Machine Learning • Social Impact • Software
As a Senior Offensive Security Engineer, you'll build and lead the Offensive Security program, test Upstart's controls, and collaborate with various security teams.
Top Skills: AWSCi/CdEksKubernetesmacOSOktaPython

What you need to know about the Boston Tech Scene

Boston is a powerhouse for technology innovation thanks to world-class research universities like MIT and Harvard and a robust pipeline of venture capital investment. Host to the first telephone call and one of the first general-purpose computers ever put into use, Boston is now a hub for biotechnology, robotics and artificial intelligence — though it’s also home to several B2B software giants. So it’s no surprise that the city consistently ranks among the greatest startup ecosystems in the world.

Key Facts About Boston Tech

  • Number of Tech Workers: 269,000; 9.4% of overall workforce (2024 CompTIA survey)
  • Major Tech Employers: Thermo Fisher Scientific, Toast, Klaviyo, HubSpot, DraftKings
  • Key Industries: Artificial intelligence, biotechnology, robotics, software, aerospace
  • Funding Landscape: $15.7 billion in venture capital funding in 2024 (Pitchbook)
  • Notable Investors: Summit Partners, Volition Capital, Bain Capital Ventures, MassVentures, Highland Capital Partners
  • Research Centers and Universities: MIT, Harvard University, Boston College, Tufts University, Boston University, Northeastern University, Smithsonian Astrophysical Observatory, National Bureau of Economic Research, Broad Institute, Lowell Center for Space Science & Technology, National Emerging Infectious Diseases Laboratories

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account