Cyber Security Engineer (Pen Testing)

The Opportunity

"You will act as a partner between FICO internal security standards and our expanding global supply chain. In this high-impact role, you will lead the charge in supporting multiple audits across both our internal IT landscape and third parties. You will act as a trusted advisor to FICO senior leadership, ensuring that our technical growth remains aligned with our risk appetite and strategy in a data-driven analytics environment"- Cyber Security, Director

What You'll Contribute

• Collaborate with engineers, consultants, and leadership to identify security risks and recommend mitigations within the Secure Development Lifecycle (SDLC).
• Perform activities such as secure code reviews, security testing, and vulnerability triage across various applications.
• Regularly interact with internal and external customers on security-related projects and operational tasks.
• Develop understanding of business functionality and apply testing methodology as appropriate to technologies and risks.
• Analyse test results, draw conclusions from results, and develop targeted exploit examples.
• Clearly and professionally document root cause and risk analysis of findings.
• Champion product security testing process and be an advocate for secure development practices, fostering a culture of collaboration and continuous improvement across engineering and product teams.
• Collaborate with other teams to improve the overall security posture of applications/infrastructure.
• Stay current on security best practices, vulnerabilities, and attacker tactics, techniques, and procedures.
• Develop and test effective functional security testing strategies for new/emerging product security requirements.
• Suggest improvements to existing processes/tooling; ideate and implement automation where possible.
• Take ownership of the functionality, configuration, and continuous improvement of DAST and API security tools, ensuring they are effectively integrated into the security testing lifecycle

What We're Seeking

• Bachelor's degree in Computer Science, Cybersecurity, or a related field.
• Relevant cyber security certifications (e.g., CEH, CCSP, CISSP, OSCP etc) are highly desirable.
• Proven experience of at least 5+ years in product security, pen testing and security automation.
• Strong understanding of AWS infrastructure and cloud security principles.
• In-depth knowledge of cybersecurity principles, methodologies, frameworks and best practices. (OSI, NIST, OWASP, SANS, PCI etc)
• Knowledge of secure coding principles and experience with code review processes and tools.
• Experience with Pen testing - WebApp, APIs, infrastructure as a code scan reviews and dynamic application security testing (DAST) methodologies and tools.
• Knowledge and experience in CI/CD, shift left security and exposure to testing analytical models, AI/ML security testing will be a plus.
• Strong analytical and problem-solving skills with a keen attention to detail.
• Strong written and oral communication skills with the ability to convey complex security concepts to non-technical stakeholders.
• Strong organizational and interpersonal skills.

Our Offer to You

• An inclusive culture strongly reflects our core values: Act Like an Owner, Delight Our Customers and Earn the Respect of Others.
• The opportunity to make an impact and develop professionally by leveraging your unique strengths and participating in valuable learning experiences.
• Highly competitive compensation, benefits, and rewards programs that encourage you to bring your best every day and be recognized for doing so.
• An engaging, people-first work environment offering work/life balance, employee with employee resource groups and social events to promote interaction and camaraderie.