Ready for a change of pace or an excellent first career opportunity?

Nexum Careers

Application Assessment Lead (Senior Security Engineer) – United States

Network security company Nexum, Inc. seeks a seasoned security assessment / penetration testing professional to join the team. Nexum is a thriving company with an engineering-centric culture. Applicants must have solid experience reviewing applications for security, recommending security improvements, and performing remote and local testing of applications. Candidates will join a nimble security assessment team that emphasizes results and provides mentorship towards autonomy while giving each team member the opportunities and support to advance in a high-impact position within our fast-moving, independent technology company.

Job Overview/Responsibilities:

  • Meet with clients to explain offerings and gather requirements
  • Formal security assessment of mobile and web applications
  • Security review of service delivery configurations
  • On-site and remote penetration testing
  • Discover and exploit vulnerabilities in applications, APIs, systems, and protocols
  • Document, rate, and explain findings in the context of client systems and requirements
  • Communicate client-focused recommendations for remediating documented findings
  • Work with client developers to review proposed remediations
  • Candidates will be considered for position and responsibility commensurate with experience.

Skills and Qualifications:

  • Experience participating in all aspects of application security assessment, including pre-sales and post-delivery discussions with clients
  • Experience validating the output of multiple tools and techniques, and synthesizing those results into actionable findings
  • Ability to communicate well in front of clients while engaged in assessment work; ability to understand complex requirements, and explain complex findings
  • Familiarity with both black-box penetration testing and white-box assessment techniques
  • Experience assessing the security of common application service delivery environments, including dedicated cloud-based platforms


  • 3-5 years of experience performing web and mobile application security assessments
  • Proficiency with common office software packages including MS Word and Excel
  • Excellent reading, writing, and verbal communication skills
  • Proficiency with networking and testing tools including Nexpose, Metasploit, Burp Suite, nmap, Nessus, etc.
  • Detailed understanding of key application security principles
  • Excellent reading comprehension
  • S. Degree or equivalent work experience

Preferred Skills

  • Experience advising clients on the security aspects of public and private regulatory regimes and standards (especially HIPAA, PCI, and FISMA) as they relate to applications handling sensitive data
  • Experience working with development teams to address security issues both within the development lifecycle and after testing
  • Proficiency with other common security testing tools

Company Benefits

  • Quarterly bonuses (company and personal performance-based)
  • Health insurance
  • Dental & vision insurance
  • Flexible working schedule depending on assignment
  • Casual work environment, when not at client sites

Submit your resume to