Associate Architect, Information Security

Overview:
**Role Overview**:
Aptean is seeking a **Senior Penetration Tester with strong**DevSecOps**expertise** to play a dual-role in our offensive security and secure development lifecycle initiatives. You will lead advanced penetration testing engagements, red team operations, and threat simulations across enterprise environments while also driving secure software practices by integrating security into CI/CD pipelines. This role blends deep offensive security capabilities with hands-on DevSecOps implementation, contributing to both proactive and preventative cybersecurity postures.

**Key Responsibilities**:
**Offensive Security & Penetration Testing**
- Lead and perform advanced penetration testing across:

- APIs (REST, GraphQL, SOAP) with focus on business logic vulnerabilities
- Internal/external networks and hybrid infrastructure (on-prem and cloud)
- Execute red team engagements simulating real-world adversaries (APT-style)
- Targeting Windows Active Directory, Linux systems, and cloud platforms (AWS, Azure, GCP)
- Employing post-exploitation, lateral movement, and persistence techniques
- Build and maintain offensive infrastructure (C2 servers, phishing platforms)
- Develop proof-of-concept exploits and adversary emulation scenarios
- Deploy and monitor honeypots/honeynets for threat detection and behavior analysis

**DevSecOps** & Secure SDLC**
- Integrate security tools (SAST, DAST, SCA, IaC scanning) into CI/CD pipelines (GitHub Actions, Jenkins, GitLab CI/CD)
- Automate security testing and policy enforcement in the development lifecycle
- Collaborate with DevOps and developers to implement secure coding practices and remediation workflows
- Build custom scripts/tools for security automation (Python, Bash, PowerShell)
- Monitor and harden containerized and cloud-native infrastructure (Docker, Kubernetes, serverless)
- Support security gate controls and compliance checks across release pipelines

**Reporting, Documentation & Communication**
- Deliver detailed technical reports and executive summaries of findings
- Present findings to cross-functional stakeholders including engineering and executive leadership
- Provide actionable remediation guidance with risk prioritization
- Develop technical documentation, threat playbooks, and attack narratives

**Leadership, Collaboration & Mentorship**
- Mentor junior penetration testers and review their assessments
- Lead purple teaming exercises to bridge offensive and defensive capabilities
- Collaborate with blue teams to enhance detection and response
- Conduct knowledge sharing sessions and internal capability development
- Stay current with threat landscape, tools, and techniques

**Required Qualifications**:
**Experience & Background**
- 8-10 years in cybersecurity with primary focus on penetration testing and red teaming
- At least 2 years hands-on experience integrating security in CI/CD and DevSecOps environments
- Proven leadership in complex offensive security engagements

**Technical Skills**
- Offensive Security:

- Advanced penetration testing of web, mobile, and thick client apps
- Red teaming, lateral movement, and post-exploitation in enterprise environments
- API security testing and exploitation
- Tooling & Platforms:

- Burp Suite, OWASP ZAP, Metasploit, Cobalt Strike, BloodHound, Empire, Sliver
- Nessus, Nmap, Trivy, AWS Inspector, Azure Defender, GCP SCC
- GitHub Actions, Jenkins, GitLab CI/CD, Docker, Kubernetes
- Scripting & Automation:

- Proficient in Python, Bash, PowerShell (Go or Ruby a plus)
- Automation of penetration testing tasks and CI/CD integration
- Cloud & Infrastructure:

- Hands-on experience in AWS, Azure, GCP environments
- Active Directory attack techniques (e.g., Kerberoasting, Golden Ticket)
- Container and cloud-native attack simulation
- Security Frameworks:

- Deep knowledge of OWASP Top 10, MITRE ATT&CK, PTES, STRIDE, PASTA
- Familiarity with threat intelligence and APT tactics

**Preferred Qualifications**:
**Certifications**
- One or more of the following:

- ** OSCP** (Offensive Security Certified Professional)
- ** CPENT**, **GIAC** (GPEN, GXPN, GCPN, GWAPT, GMOB)
- ** CEH** (Certified Ethical Hacker)

**Specialized Skills**
- Purple teaming and detection tuning
- Cloud-native and serverless security testing
- Honeypot/honeynet development
- Malware analysis fundamentals
- Threat modeling (STRIDE, OCTAVE)
- Experience with regulatory frameworks (NIST, PCI DSS, HIPAA, GDPR)

**Personal Attributes**
- Strong problem-solving and critical thinking skills
- Excellent verbal and written communication, including reporting to technical and non-technical audiences
- Ability to lead, mentor, and collaborate effectively across teams
- Passion for offensive security, continuous learning, and responsible disclosure
- Adaptability to fast-paced, evolving threat environments

**What’s in it for you?**
Aptean offers competitive pay and robust benefit plans along with the opportunity to
grow your career in a fast-pac