Senior Offensive Security Malware Lead Analyst

• Lead the offensive security program for malware analysis and response, focusing on proactively securing the software development lifecycle
• Perform manual and dynamic analysis on potential open-source malware within NPM, Python, and other package ecosystems to identify supply chain risks
• Act as a subject matter expert in offensive information security, performing manual security assessments on web technologies, including APIs, JavaScript Frameworks, and Artificial Intelligence systems
• Conduct and facilitate security reviews, penetration testing engagements, and table-top/red-team/scenario analysis exercises
• Drive remediation efforts by outlining defense-in-depth strategies and providing strategic solutions to developers on effective security controls
• Evaluate, recommend, and assist in the selection of new and emerging external products, applications, and technologies with a focus on their security implications
• Work closely with internal Applications Development to enhance both architecture and application security
• Identify opportunities for enhancements to security standards, tools, and processes, and contribute to the review of internal activities for potential improvement and automation
• Define secure configurations for network, database, server, and desktop technologies in alignment with security policies
• Develop strong technical documentation and deliver clear presentations to articulate vulnerability assessment results to both technical and non-technical audiences
• Assess risk during business decisions, ensuring compliance with applicable laws, rules, and regulations while safeguarding the firm's assets and reputation.

• Bachelor’s Degree with a minimum of 10 years' relevant experience, or a Master’s Degree with a minimum 5 years' experience in Malware analysis and/or application penetration testing
• Proven background in penetration testing and expertise in the risks associated with software supply chains and dependency trees
• Hands-on experience with security testing tools such as BurpSuite Proxy, Postman, AppScan, WebInspect, and similar technologies
• Must have or be willing to obtain industry-accredited security certifications such as OSCP, OSWE, CISSP, GWAPT, GPEN, or other related credentials
• Advanced analytical and problem-solving skills with a demonstrated ability to take ownership and follow up on issues
• Proficient in interpreting and applying policies, standards, and procedures
• Excellent written and verbal communication skills
• Demonstrated ability to work effectively in a team environment and perform well under pressure.

Experience leveraging Artificial Intelligence to enhance offensive security processes is highly desirable.

• medical, dental & vision coverage
• 401(k)
• life, accident, and disability insurance
• wellness programs
• paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays
• discretionary and formulaic incentive and retention awards