Sr. Penetration Tester, Web/Mobile Apps and Cloud Services

About Us:

Headquartered in the United States, TP-Link Systems Inc. is a global provider of reliable networking devices and smart home products, consistently ranked as the world’s top provider of Wi-Fi devices. The company is committed to delivering innovative products that enhance people’s lives through faster, more reliable connectivity. With a commitment to excellence, TP-Link Systems serves customers in over 170 countries and continues to grow its global footprint.

We believe technology changes the world for the better! At TP-Link Systems Inc, we are committed to crafting dependable, high-performance products to connect users worldwide with the wonders of technology.

Embracing professionalism, innovation, excellence, and simplicity, we aim to assist our clients in achieving remarkable global performance and enable consumers to enjoy a seamless, effortless lifestyle.

Overview:

TP-Link Systems Inc. is seeking a skilled and proactive Sr. Penetration Tester, Web/Mobile Apps and Cloud Services to lead security initiatives for our cloud service product lines. This role requires deep expertise in assessing and securing complex cloud environments, with the ability to drive security strategies for specific product lines. Responsibilities include conducting advanced penetration testing for dedicated cloud services, performing comprehensive security assessments, architecting and implementing threat models, managing the incident response process for critical vulnerabilities, and integrating security practices throughout the cloud service development lifecycle.

The ideal candidate brings a strong technical foundation, including proficiency in developing custom cloud security tools, advanced vulnerability discovery, and system architecture evaluation, ensuring TP-Link's cloud services meet global security standards and compliance requirements.

Key Responsibilities:

• Penetration Testing: Lead advanced penetration testing for entire cloud environments, including web applications, APIs, AI applications, serverless functions, containers, and other cloud-native services.
• Threat Modelling and security assessment: Conduct comprehensive security risk assessments at architecture and functional levels to identify potential security weaknesses across cloud platforms and applications.
• Lead incident response activities and perform in-depth vulnerability research, oversee and manage the entire incident response process for cloud environments.
• Security compliance and certification: Lead cloud security certification efforts for various compliance frameworks (e.g., SOC 2, ISO 27001, GDPR, etc.).
• Develop security tools: Design and develop advanced security tools and automated testing platforms to enhance cloud security testing accuracy and coverage.
• DevSecOps Integration: Drive the integration of security practices throughout the CI/CD pipeline and DevOps processes company-wide.
• Follow-up on global cloud security standards and regulations, mentoring junior engineers and driving the implementation of security requirements within cloud services.
• Security Training: Collaborate with teams to develop and deliver cloud and web application security training to development, DevOps and QA teams, ensuring best practices are followed.
• Security Architecture: Design and implement secure cloud architectures and conduct security reviews of existing architectures to ensure alignment with industry best practices.

Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent work experience).
• Proven more than 5 years' experience as a Security Engineer (Cloud & Web) or in a similar role.
• Deep understanding of cloud security architecture, web application security, API security, and common vulnerabilities, with hands-on experience in assessing and securing complex cloud systems across multiple platforms.
• Extensive experience with security tools such as Burp Suite, OWASP ZAP, Nmap, Kali, Nessus, Metasploit, and the ability to customize these tools for advanced penetration testing and vulnerability assessments in cloud environments.
• Capability to independently develop or customize penetration testing tools, automation frameworks, and continuous security testing platforms for complex cloud environments.
• Advanced knowledge of secure coding practices, identifying vulnerabilities across multiple cloud services, and guiding junior engineers in performing such tasks.
• Proficient in multiple programming languages (e.g., Python, JavaScript, Go, Bash, PowerShell, etc.), with the ability to independently write complex security tools, scripts and exploit code.
• Expert-level knowledge of major cloud platforms (AWS, Azure, GCP) and their security services, configurations, and best practices.
• Relevant advanced security certifications (e.g., OSCP, OSWE, CISSP, AWS/Azure/GCP security certifications) are highly preferred.
• CVE IDs involving critical vulnerabilities in web or cloud environments, as well as published relevant papers or patents are prioritized.
• Published CVEs are highly preferred.

Soft Skills:

• Strong leadership and mentoring skills with the ability to guide cloud security teams.
• Excellent cross-functional communication and ability to explain complex security concepts to non-technical stakeholders.
• Strategic thinking and problem-solving skills focused on cloud security challenges.
• Initiative-driven and proactive, demonstrating ownership over security projects and a commitment to continuous improvement in cloud security practices.

Salary range: $100,000-$165,000

• Free snacks and drinks, and provided lunch on Fridays
• Fully paid medical, dental, and vision insurance (partial coverage for dependents)
• Contributions to 401k funds
• Bi-annual reviews, and annual pay increases
• Health and wellness benefits, including free gym membership
• Quarterly team-building events

At TP-Link Systems Inc., we are continually searching for ambitious individuals who are passionate about their work. We believe that diversity fuels innovation, collaboration, and drives our entrepreneurial spirit. As a global company, we highly value diverse perspectives and are committed to cultivating an environment where all voices are heard, respected, and valued. We are dedicated to providing equal employment opportunities to all employees and applicants, and we prohibit discrimination and harassment of any kind based on race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws. Beyond compliance, we strive to create a supportive and growth-oriented workplace for everyone. If you share our passion and connection to this mission, we welcome you to apply and join us in building a vibrant and inclusive team at TP-Link Systems Inc.

Please, no third-party agency inquiries, and we are unable to offer visa sponsorships at this time.