Security Engineer

About the Role:

• Design, scope, and perform offensive security engagements from planning through execution and reporting
• Perform application penetration testing against mobile, Web, API, and on premise applications to identify security vulnerabilities
• Conduct vulnerability assessments, penetration tests, and adversarial testing activities to evaluate Deltek’s cybersecurity posture
• Validate, document, and communicate findings and proof-of-concepts to a variety of stakeholders (e.g., application engineers, security partners, management)
• Collaborate closely with engineering teams to understand application architecture, behavior, and attack surfaces
• Assess cloud environments for security risks and misconfigurations in collaboration with platform and cloud teams
• Maintain and enhance offensive security tools, techniques, and methodologies in alignment with team practices and emerging threats

Qualifications:

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or equivalent practical experience
• 3–5 years of experience in offensive security, penetration testing, application security, or related security engineering roles
• Strong understanding of:
• Web application and API security concepts
• Network security fundamentals (HTTP/S, TCP/IP, DNS)
• Authentication, authorization, and access control mechanisms
• Hands-on experience with dynamic security testing tools and manual testing techniques
• Programming or scripting experience in Python, JavaScript, .NET, or similar languages
• Excellent communication and documentation skills
• Ability to collaborate effectively with application developers and security peers

Preferred Qualifications

• Experience testing applications built with modern frameworks and technologies (e.g., Java, .NET, C#)
• Exposure to cloud platforms and cloud security principles (AWS, Azure, or GCP)
• Experience validating exploitability beyond automated scanning
• One or more hands-on offensive security certifications or training (e.g., OSCP, eCPPT, PNPT, OSWE in progress or completed)

Note: Certified Ethical Hacker (CEH) certification will not be considered sufficient for this role.