Application Security Engineer
Tempus Inc
Chicago, United States of America
13 days ago
Role details
Contract type
Permanent contract Employment type
Full-time (> 32 hours) Working hours
Regular working hours Languages
English Experience level
Senior Compensation
$ 180KJob location
Chicago, United States of America
Tech stack
Testing (Software)
JavaScript
API
Amazon Web Services (AWS)
Business Logic
Software System Penetration Testing
Azure
Burp Suite
Cloud Computing Security
Dicom
Python
Open Web Application Security
Powershell
Reverse Engineering
Mobile Security
TypeScript
Web Applications
Scripting (Bash/Python/Go/Ruby)
Google Cloud Platform
GWAPT
Health Level Seven International
GraphQL
Job description
- Execute advanced black-box and grey-box penetration tests on web applications, APIs (REST/GraphQL), and internal systems.
- Perform deep-dive mobile security assessments on iOS and Android, including reverse engineering and bypassing client-side controls like root detection and certificate pinning.
- Lead specialized security testing and threat modeling for FDA-regulated medical device software, ensuring compliance with HIPAA, GDPR, and FDA cybersecurity guidelines.
- Develop high-quality technical reports detailing exploit chains and business logic flaws, providing engineering teams with hands-on remediation guidance.
- Automate security testing by developing custom tools and scripts in languages such as Python, Go, or PowerShell.
- Communicate complex security risks and business impacts to executive leadership and cross-functional stakeholders.
- Mentor junior team members and provide security training to development teams to foster a robust culture of security awareness.
Requirements
- 5+ years of experience in penetration testing, ideally within healthcare or highly regulated environments.
- Expert knowledge of web/API vulnerabilities (OWASP Top 10) and mobile testing frameworks (Frida, Burp Suite, MobSF, Ghidra).
- Understanding of medical protocols (DICOM, HL7) and cloud security practices (AWS, Azure, or Google Cloud Platform).
- Proficiency in scripting languages (Python, JavaScript/TypeScript, Go) and secure SDLC practices.
- Excellent analytical, problem-solving, and interpersonal communication skills.
Preferred Certifications
- Offensive Security: OSCP, OSCE, or OSWE.
- Mobile Security: eCMAP or GMOB.
- General/Regulated: CEH, CSSLP, GPEN, GWAPT, or UL 2900 training.