Aptean - Associate Architect - Information Security

Overview :

Role Overview :

Aptean is seeking a Senior Penetration Tester with strong DevSecOps expertise to play a dual-role in our offensive security and secure development lifecycle initiatives.

You will lead advanced penetration testing engagements, red team operations, and threat simulations across enterprise environments while also driving secure software practices by integrating security into CI/CD pipelines.

This role blends deep offensive security capabilities with hands-on DevSecOps implementation, contributing to both proactive and preventative cybersecurity postures.

Key Responsibilities :

Offensive Security & Penetration Testing :

Lead and perform advanced penetration testing across:

- Web, mobile (iOS/Android), and desktop/thick client applications.

- APIs (REST, GraphQL, SOAP) with focus on business logic vulnerabilities.

- Internal/external networks and hybrid infrastructure (on-prem and cloud).

- Execute red team engagements simulating real-world adversaries (APT-style).

- Targeting Windows Active Directory, Linux systems, and cloud platforms (AWS, Azure, GCP).

- Employing post-exploitation, lateral movement, and persistence techniques.

- Build and maintain offensive infrastructure (C2 servers, phishing platforms).

- Develop proof-of-concept exploits and adversary emulation scenarios.

- Deploy and monitor honeypots/honeynets for threat detection and behavior analysis.

DevSecOps & Secure SDLC :

- Integrate security tools (SAST, DAST, SCA, IaC scanning) into CI/CD pipelines (GitHub Actions, Jenkins, GitLab CI/CD).

Reporting, Documentation & Communication :

- Deliver detailed technical reports and executive summaries of findings.

- Present findings to cross-functional stakeholders including engineering and executive leadership.

- Provide actionable remediation guidance with risk prioritization.

- Develop technical documentation, threat playbooks, and attack narratives.

Leadership, Collaboration & Mentorship :

- Mentor junior penetration testers and review their assessments.

- Lead purple teaming exercises to bridge offensive and defensive capabilities.

Required Qualifications :

Experience & Background :

- 8 - 10 years in cybersecurity with primary focus on penetration testing and red teaming.

- At least 2 years hands-on experience integrating security in CI/CD and DevSecOps environments.

Technical Skills :

Offensive Security :

- Advanced penetration testing of web, mobile, and thick client apps.

Tooling & Platforms :

- Burp Suite, OWASP ZAP, Metasploit, Cobalt Strike, BloodHound, Empire, Sliver.

- Nessus, Nmap, Trivy, AWS Inspector, Azure Defender, GCP SCC.

- GitHub Actions, Jenkins, GitLab CI/CD, Docker, Kubernetes.

Scripting & Automation :

- Proficient in Python, Bash, PowerShell (Go or Ruby a plus).

Cloud & Infrastructure :

- Hands-on experience in AWS, Azure, GCP environments.

- Active Directory attack techniques (e.g., Kerberoasting, Golden Ticket).

- Container and cloud-native attack simulation.

Security Frameworks :

- Deep knowledge of OWASP Top 10, MITRE ATT&CK, PTES, STRIDE, PASTA.

Preferred Qualifications :

Certifications :

One or more of the following :

- CPENT, GIAC (GPEN, GXPN, GCPN, GWAPT, GMOB).

- CEH (Certified Ethical Hacker).

Specialized Skills :

- Purple teaming and detection tuning.

- Cloud-native and serverless security testing.

Personal Attributes :

- Strong problem-solving and critical thinking skills.

- Excellent verbal and written communication, including reporting to technical and non-technical audiences.

- Ability to lead, mentor, and collaborate effectively across teams.

- Passion for offensive security, continuous learning, and responsible disclosure.

- Adaptability to fast-paced, evolving threat environments.

Whats in it for you ?

Aptean offers competitive pay and robust benefit plans along with the opportunity to grow your career in a fast-paced, flexible and casual environment, an outstanding opportunity for career development and growth.