Application Security Manager
To see similar active jobs please follow this link: Remote System Administration jobs
About Kueski
Founded in 2012 with the mission to improve the financial lives of people in Mexico, Kueski is the leading buy now, pay later (BNPL) and online consumer credit platform in Latin America, known for its innovative financial services. Its flagship product, Kueski Pay, allows customers to make purchases and pay later, both online and in physical stores and has become the payment choice for a quarter of Mexico's leading e-commerce merchants. Notably, it stands out as the first buy now, pay later (BNPL) option accessible to Mexican consumers on Amazon.com.mx.
Kueski is frequently recognized for its strong, diverse and inclusive company culture. In 2022, Kueski was named one of the most ethical companies in Mexico by AMITAI, and one of the best companies for both young professionals and female talent in Mexico by EFY. The company has also been named to CB Insights’ Fintech 250 list.
Purpose
The Application Security Manager is responsible for recommending, working with the Engineering team, and ensuring the appropriate security is implemented in products developed. These evaluations through technical reviews, using attacks, application pen-testing activities, among others, to ensure all developed products and applications, comply with the guidelines and definitions. The application security manager is also responsible for working with the different teams to implement and maintain the SSDLC, and working with the different stakeholders to document and ensure the implementation of these controls is appropriate and complies with the defined elements.
Key Responsabilities
Conduct and/or support authorized penetration testing on enterprise network assets
Perform penetration testing as required for new or updated applications
Apply and utilize authorized cyber capabilities to enable access to targeted networks and applications
Perform analysis for target infrastructure exploitation activities
Conduct independent in-depth target and technical analysis including target-specific information (e.g., cultural, organizational, political) that results in access
Create comprehensive exploitation strategies that identify exploitable technical or operational vulnerabilities
Examine intercept-related metadata and content with an understanding of targeting significance
Collaborate with developers, conveying target and technical knowledge in tool requirements submissions, to enhance tool development
Lead or enable exploitation operations in support of organization objectives and target requirements
Develop test plans to address specifications and requirements
Make recommendations based on test results
Create auditable evidence of security measures
Validate specifications and requirements for testability
Perform developmental testing on systems under development
Perform interoperability testing on systems exchanging data with other systems
Perform operational testing
Test, evaluate, and verify software to determine compliance with defined specifications and requirements
Position Requierements
+2 years of penetration testing experience, both at a network and application levels
+1 year experience in penetration testing in cloud environments
Experience in working with engineering teams to close the identified issues and perform retesting of the findings
Clear understanding of agile methodologies, DevOps, and DevSecOps
Experience using SAST, DAST, and other automated testing tools
PenTesting Certification or similar is nice to have. (CEH, PenTest+, CPT, CEPT, CRTOP, GPEN, OSCP, etc)Knowledge of application vulnerabilities
Knowledge of collection management processes, capabilities, and limitations
Knowledge of front-end collection systems, including traffic collection, filtering, and selection
Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks)
Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.).Knowledge of evasion strategies and techniques
Knowledge of identification and reporting processes
Advanced English level
You’ll love working at Kueski because
We have a mission-driven culture focused on customer value, teamwork, humility, and integrity.
Everyone is expected to have role clarity, career growth, and a personal development plan. Feedback and recognition is embedded in our company processes, systems, and practices.
We ensure competitive salary, medical insurance, and wellbeing through ample and flexible time off as well as mental healthcare benefits. Everyone is an owner and eligible for competitive stock options with a company poised for success.
We´re committed to building an inclusive and diverse team and we know this leads to incredible work.
$82,000 - $100,000 a month
Wage is expressed in Mexican pesos before deductions.
Kueski: Where talent excellence improves Mexican lives
#LifeAtKueski #KueskiTalent
About the job
Application Security Manager
To see similar active jobs please follow this link: Remote System Administration jobs
About Kueski
Founded in 2012 with the mission to improve the financial lives of people in Mexico, Kueski is the leading buy now, pay later (BNPL) and online consumer credit platform in Latin America, known for its innovative financial services. Its flagship product, Kueski Pay, allows customers to make purchases and pay later, both online and in physical stores and has become the payment choice for a quarter of Mexico's leading e-commerce merchants. Notably, it stands out as the first buy now, pay later (BNPL) option accessible to Mexican consumers on Amazon.com.mx.
Kueski is frequently recognized for its strong, diverse and inclusive company culture. In 2022, Kueski was named one of the most ethical companies in Mexico by AMITAI, and one of the best companies for both young professionals and female talent in Mexico by EFY. The company has also been named to CB Insights’ Fintech 250 list.
Purpose
The Application Security Manager is responsible for recommending, working with the Engineering team, and ensuring the appropriate security is implemented in products developed. These evaluations through technical reviews, using attacks, application pen-testing activities, among others, to ensure all developed products and applications, comply with the guidelines and definitions. The application security manager is also responsible for working with the different teams to implement and maintain the SSDLC, and working with the different stakeholders to document and ensure the implementation of these controls is appropriate and complies with the defined elements.
Key Responsabilities
Conduct and/or support authorized penetration testing on enterprise network assets
Perform penetration testing as required for new or updated applications
Apply and utilize authorized cyber capabilities to enable access to targeted networks and applications
Perform analysis for target infrastructure exploitation activities
Conduct independent in-depth target and technical analysis including target-specific information (e.g., cultural, organizational, political) that results in access
Create comprehensive exploitation strategies that identify exploitable technical or operational vulnerabilities
Examine intercept-related metadata and content with an understanding of targeting significance
Collaborate with developers, conveying target and technical knowledge in tool requirements submissions, to enhance tool development
Lead or enable exploitation operations in support of organization objectives and target requirements
Develop test plans to address specifications and requirements
Make recommendations based on test results
Create auditable evidence of security measures
Validate specifications and requirements for testability
Perform developmental testing on systems under development
Perform interoperability testing on systems exchanging data with other systems
Perform operational testing
Test, evaluate, and verify software to determine compliance with defined specifications and requirements
Position Requierements
+2 years of penetration testing experience, both at a network and application levels
+1 year experience in penetration testing in cloud environments
Experience in working with engineering teams to close the identified issues and perform retesting of the findings
Clear understanding of agile methodologies, DevOps, and DevSecOps
Experience using SAST, DAST, and other automated testing tools
PenTesting Certification or similar is nice to have. (CEH, PenTest+, CPT, CEPT, CRTOP, GPEN, OSCP, etc)Knowledge of application vulnerabilities
Knowledge of collection management processes, capabilities, and limitations
Knowledge of front-end collection systems, including traffic collection, filtering, and selection
Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks)
Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.).Knowledge of evasion strategies and techniques
Knowledge of identification and reporting processes
Advanced English level
You’ll love working at Kueski because
We have a mission-driven culture focused on customer value, teamwork, humility, and integrity.
Everyone is expected to have role clarity, career growth, and a personal development plan. Feedback and recognition is embedded in our company processes, systems, and practices.
We ensure competitive salary, medical insurance, and wellbeing through ample and flexible time off as well as mental healthcare benefits. Everyone is an owner and eligible for competitive stock options with a company poised for success.
We´re committed to building an inclusive and diverse team and we know this leads to incredible work.
$82,000 - $100,000 a month
Wage is expressed in Mexican pesos before deductions.
Kueski: Where talent excellence improves Mexican lives
#LifeAtKueski #KueskiTalent