Network security company Nexum, Inc. seeks a seasoned security assessment / penetration testing professional to join the team in the greater Chicagoland area (remote work also available). Nexum is a thriving company with an engineering-centric culture. Applicants must have solid experience reviewing applications for security, recommending security improvements, and performing remote and local testing of applications. Candidates will join a nimble security assessment team that emphasizes results, and provides mentorship towards autonomy while giving each team member the opportunities and support to advance in a high-impact position within our fast-moving, independent technology company.

Job Overview/Responsibilities

• Meet with clients to explain offerings and gather requirements
• Formal security assessment of mobile and web applications
• Security review of service delivery configurations
• On-site and remote penetration testing
• Discover and exploit vulnerabilities in applications, APIs, systems, and protocols
• Document, rate, and explain findings in the context of client systems and requirements
• Communicate client-focused recommendations for remediating documented findings
• Work with client developers to review proposed remediations

Candidates will be considered for position and responsibility commensurate with experience.

Skills and Qualifications

• Experience participating in all aspects of application security assessment, including pre-sales and post-delivery discussions with clients
• Experience validating the output of multiple tools and techniques, and synthesizing those results into actionable findings
• Ability to communicate well in front of clients while engaged in assessment work; ability to understand complex requirements, and explain complex findings
• Familiarity with both black-box penetration testing and white-box assessment techniques
• Experience assessing the security of common application service delivery environments, including dedicated cloud-based platforms
• Experience performing penetration tests against a variety of operating systems, network architectures, and services


• 3-5 years of experience performing web and mobile application security assessments
• Proficiency with common office software packages including MS Word and Excel
• Excellent reading, writing, and verbal communication skills
• Proficiency with networking and testing tools including Nexpose, Metasploit, Burp Suite, nmap, Nessus, etc.
• Detailed understanding of key application security principles
• Excellent reading comprehension
• B.S. Degree or equivalent work experience

Additional Preferred Skills

• Experience advising clients on the security aspects of public and private regulatory regimes and standards (especially HIPAA, PCI, and FISMA) as they relate to applications handling sensitive data
• Experience working with development teams to address security issues both within the development lifecycle and after testing
• Proficiency with other common security testing tools

Company Benefits

• Quarterly bonuses (company and personal performance-based)
• Health insurance
• Dental & vision insurance
• Flexible working schedule depending on assignment
• Casual work environment, when not at client sites

Submit your resume to