Senior Security Assurance Engineer (Internal Penetration Testing)

Requirements:

• 5+ years of experience in penetration testing, red teaming, or security assurance roles, with hands-on experience testing complex, large-scale systems.
• Strong practical knowledge of offensive security techniques, including web application, API, network, and cloud exploitation.
• Solid understanding of system internals, networking, and common vulnerability classes, including OWASP Top 10, logic flaws, authentication and authorization issues, and race conditions.
• Familiarity with both Windows and Linux environments from an attacker’s perspective.
• Experience using standard penetration testing tools such as Burp Suite, Metasploit, Nmap, BloodHound, and similar offensive security tooling.
• Ability to assess the real-world impact of vulnerabilities and prioritize risks in a high-stakes environment.
• Ability to clearly document findings, explain exploitability, and provide practical remediation guidance to engineering and infrastructure teams.
• Strong communication skills, with the ability to clearly articulate technical risks and remediation strategies to engineering stakeholders.
• Ability to operate independently, manage multiple assessments, and provide senior-level technical judgment during security assurance activities.

Nice to Haves:

• Experience testing applications and services developed in languages such as Python, C++, Rust, Go, and Kotlin/Java.
• Experience with cloud security testing across AWS or Azure, including IAM, network configuration, storage, managed services, and common cloud misconfigurations.
• Experience developing custom penetration testing tools, automation, scripts, exploits, or fuzzers.
• Experience integrating security testing into CI/CD pipelines or supporting continuous assurance practices.
• Understanding of detection and response mechanisms, with the ability to evaluate or bypass them during controlled testing.
• Experience conducting red team exercises, adversary simulations, or purple team engagements.
• Experience with containerized environments, Kubernetes, infrastructure-as-code, or hybrid cloud infrastructure.
• Knowledge of low-latency systems, financial trading environments, or high-performance distributed systems.
• Relevant certifications such as OSCP, OSEP, OSCE, CRTO, CCT APP, CCT INF, or equivalent practical experience.

What You'll Be Doing:

• Conduct internal penetration testing across a wide range of systems, including trading infrastructure, cloud platforms, APIs, and business applications in both Windows and Linux environments.
• Perform red team-style assessments and adversarial simulations to identify weaknesses in detection, response, and resilience capabilities.
• Design and execute security assurance strategies to validate the effectiveness of security controls across applications, infrastructure, and cloud environments.
• Coordinate external penetration testing engagements with third-party security vendors, including scoping, execution oversight, validation of findings, and remediation tracking across cloud, infrastructure, and application environments.
• Identify, exploit, and clearly document vulnerabilities, providing actionable remediation guidance tailored to engineering teams.
• Collaborate with product security and development teams to ensure vulnerabilities are properly remediated.
• Support threat modeling exercises by providing an attacker’s perspective on system design and architecture.
• Develop and maintain tooling, scripts, and frameworks to automate testing and improve coverage of security assessments.
• Contribute to continuous security testing within CI/CD pipelines, including validation of SAST/DAST findings and runtime security controls.
• Conduct security reviews of internal and third-party systems, validating real-world exploitability of identified risks.
• Provide mentorship and training to engineers on common attack vectors, exploitation techniques, and secure design principles.
• Stay current with emerging threats, vulnerabilities, and offensive security techniques relevant to financial systems and low-latency environments.

Perks and Benefits:

• QRT is an equal opportunity employer that values diversity.
• Commitment to creating an environment where employees can work openly, respectfully, and collaboratively.
• Initiatives and programs designed to help employees maintain a healthy work-life balance.