Application Security Engineer

Tempus Inc
Chicago, United States of America
13 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
$ 180K

Job location

Chicago, United States of America

Tech stack

Testing (Software)
JavaScript
API
Amazon Web Services (AWS)
Business Logic
Software System Penetration Testing
Azure
Burp Suite
Cloud Computing Security
Dicom
Python
Open Web Application Security
Powershell
Reverse Engineering
Mobile Security
TypeScript
Web Applications
Scripting (Bash/Python/Go/Ruby)
Google Cloud Platform
GWAPT
Health Level Seven International
GraphQL

Job description

  • Execute advanced black-box and grey-box penetration tests on web applications, APIs (REST/GraphQL), and internal systems.
  • Perform deep-dive mobile security assessments on iOS and Android, including reverse engineering and bypassing client-side controls like root detection and certificate pinning.
  • Lead specialized security testing and threat modeling for FDA-regulated medical device software, ensuring compliance with HIPAA, GDPR, and FDA cybersecurity guidelines.
  • Develop high-quality technical reports detailing exploit chains and business logic flaws, providing engineering teams with hands-on remediation guidance.
  • Automate security testing by developing custom tools and scripts in languages such as Python, Go, or PowerShell.
  • Communicate complex security risks and business impacts to executive leadership and cross-functional stakeholders.
  • Mentor junior team members and provide security training to development teams to foster a robust culture of security awareness.

Requirements

  • 5+ years of experience in penetration testing, ideally within healthcare or highly regulated environments.
  • Expert knowledge of web/API vulnerabilities (OWASP Top 10) and mobile testing frameworks (Frida, Burp Suite, MobSF, Ghidra).
  • Understanding of medical protocols (DICOM, HL7) and cloud security practices (AWS, Azure, or Google Cloud Platform).
  • Proficiency in scripting languages (Python, JavaScript/TypeScript, Go) and secure SDLC practices.
  • Excellent analytical, problem-solving, and interpersonal communication skills.

Preferred Certifications

  • Offensive Security: OSCP, OSCE, or OSWE.
  • Mobile Security: eCMAP or GMOB.
  • General/Regulated: CEH, CSSLP, GPEN, GWAPT, or UL 2900 training.

Apply for this position