Overview
On Site
$53.68 - $62.13 hourly
Contract - W2
Contract - Temp
Skills
Embedded Systems
Requirements Elicitation
Automated Testing
API QA
Customer Facing
Mobile Applications
GraphQL
Threat Modeling
Gap Analysis
Process Modeling
Cellular
SIM
Behavior-driven Development
Test Suites
Thread
Collaboration
Social Engineering
Data Flow
Training
Regulatory Compliance
API
Authentication
Management
Security Controls
Data Security
Encryption
Certified Ethical Hacker
Software Development Methodology
Information Systems
CISA
OSCP
Web Applications
Functional Testing
Wireless Communication
Fraud
Test Scenarios
Testing
OWASP
Burp Suite
Nessus
Metasploit
White Hat
Linux
Information Security
Wireshark
Nmap
Openvas
Network Security
Snort
Cisco
Telecommunications
Mobile Web
Provisioning
Security QA
Scripting
Documentation
Prototyping
Artificial Intelligence
Messaging
Job Details
RESPONSIBILITIES:
Kforce's client in the wireless telecommunications space is facing increasing threats of fraudulent activity, particularly via their mobile and web platforms. We are seeking a seasoned Security Engineer who will take a lead role in securing customer-facing front-end applications and backend APIs. This role is deeply embedded in the SDLC, with the expectation that security is considered from requirements gathering through to launch. The ideal candidate will bring strong expertise in ethical hacking, information and network security, and automated testing - with a hacker's mindset to preempt and eliminate vulnerabilities.
Key Responsibilities:
* Security by Design: Integrate security at every stage of the SDLC, from requirements to deployment across web, mobile, and backend services
* Application & API Testing: Conduct security testing on customer-facing web and mobile applications and backend GraphQL APIs
* Threat Modeling & Gap Analysis: Identify weaknesses in business logic, process design, or code that could enable fraud; suggest and document mitigation strategies
* Fraud Prevention: Validate fraud scenarios end-to-end, leveraging deep wireless cellular knowledge (SIM swap/device swap issues)
* Security Automation: Build and run automated BDD test suites to detect anomalies and validate system behavior, preferably using tools like Karate
* Hacker's Mindset: Think from an attacker's perspective to uncover potential abuse cases and identify manipulated API threads
* Cross-Functional Collaboration: Partner with data platform teams and front-end developers to create secure integration contracts
* Simulation & Monitoring: Simulate social engineering attacks to test for human-factor vulnerabilities. Monitor secure data flow and activity
* Governance & Standards: Develop security policies, standards, and best practices; provide internal guidance and training on evolving threats and compliance
REQUIREMENTS:
* Bachelor's degree in Computer Science, Cybersecurity, or related field.
* 5+ years of experience in security testing, preferably in wireless or telecom environments.
* Strong knowledge of API security, authentication, and session management practices
* Familiarity with front-end security controls and backend data protection (e.g., rate limiting, encryption at rest/in-transit)
Certifications (Nice to Have):
* Certified Ethical Hacker (CEH)
* Certified Secure Software Lifecycle Professional (CSSLP)
* Certified Information Systems Auditor (CISA)
* Offensive Security Certified Professional (OSCP)
* GIAC Web Application Penetration Tester (GWAPT)
Proven experience with:
* Application functional testing
* Security testing methodologies (e.g., OWASP Top 10)
* Wireless/mobile app architecture and telecom fraud vectors
* Creating complex test scenarios to uncover process/policy loopholes
Experience using testing tools:
* Security Testing: OWASP ZAP, Burp Suite, Nessus, Metasploit
* Ethical Hacking: Kali Linux, Aircrack-ng, John the Ripper, Hashcat
* Information Security Tools: Wireshark, Nmap, OpenVAS
* Network Security: (Preferred) Snort, pfSense, Cisco Security Manager
Preferred Qualifications:
* Master's degree in Cybersecurity or related discipline
* Prior work in securing telecom mobile/web products, with eSIM/device provisioning exposure
* Familiarity with Karate or similar automation tools for security test scripting
* Strong documentation and prototyping skills for designing security protocols and tools
The pay range is the lowest to highest compensation we reasonably in good faith believe we would pay at posting for this role. We may ultimately pay more or less than this range. Employee pay is based on factors like relevant education, qualifications, certifications, experience, skills, seniority, location, performance, union contract and business needs. This range may be modified in the future.
We offer comprehensive benefits including medical/dental/vision insurance, HSA, FSA, 401(k), and life, disability & ADD insurance to eligible employees. Salaried personnel receive paid time off. Hourly employees are not eligible for paid time off unless required by law. Hourly employees on a Service Contract Act project are eligible for paid sick leave.
Note: Pay is not considered compensation until it is earned, vested and determinable. The amount and availability of any compensation remains in Kforce's sole discretion unless and until paid and may be modified in its discretion consistent with the law.
This job is not eligible for bonuses, incentives or commissions.
Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.
By clicking "Apply Today" you agree to receive calls, AI-generated calls, text messages or emails from Kforce and its affiliates, and service providers. Note that if you choose to communicate with Kforce via text messaging the frequency may vary, and message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You will always have the right to cease communicating via text by using key words such as STOP.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.