Senior Security Engineer, M&A Security Testing
US-GA-Remote, United States
Fullsteam
It's fun to work in a company where people truly BELIEVE in what they're doing!
Fullsteam is a leading provider of vertical software and embedded payments technology dedicated to helping businesses flourish by providing their customers with seamless experiences. With a dynamic and growing team of over 1,900 employees, we are committed to driving innovation and delivering best-in-class software and payment solutions that empower small and medium-sized businesses across numerous industries. Our purpose is to help our customers grow their businesses and delight their customers. Join us and be a part of a forward-thinking company that values growth, excellence, and the success of our clients.
This position is part of the Fullsteam InfoSec Team which is directly responsible for working with Business Units and Fullsteam Corporate on security initiatives and response.
At Fullsteam, we are committed to safeguarding our digital assets and ensuring the highest level of security for our clients. As we continue to build our security programs with seasoned security practitioners, we are looking for a passionate and experienced Senior Security Engineer to join our Proactive Security Team. If you thrive in a fast-paced dynamic environment and are eager to contribute to the development of our M&A Security Testing program, we want to hear from you!
Primary Responsibilities:
- Develop and maintain a Mergers and Acquisitions penetration testing program, ensuring risks and vulnerabilities are identified in network, infrastructure, cloud, and application assets.
- Partner with new and existing BUs for onboarding into Proactive Security programs and processes.
- Plan and successfully execute dynamic application security testing across new and existing enterprise web applications and APIs.
- Conduct threat modeling exercises to identify potential threats and propose mitigations for in-scope Business Units.
- Produce detailed, accurate, and clear reports for both technical and non-technical stakeholders that outline findings, associated risks, and recommended actions.
- Stay up to date with the latest security trends, vulnerabilities, and attack vectors to ensure continuous improvement of the security posture.
- Collaborate with Security, IT, and BU Engineering teams to continuously develop and improve effective testing and remediation plans.
- Develop and maintain metrics and KPIs to measure the effectiveness of the penetration testing program.
- Mentor, guide, and collaborate with other Proactive Security team members.
- Partner with GRC, Defensive Security, and technical resources to further improve functional security processes and programs.
Skills & Competencies:
- 4+ years of experience in effective penetration testing roles and projects involving cloud, web applications, infrastructure, and network assets and aligning with standard frameworks such as OWASP, NIST, and CIS.
- 5+ years of relevant technology and/or cybersecurity experience.
- In-depth knowledge and experience with security vulnerability identification and penetration testing tools (AppScan, Burp Suite, Nmap, OWASP ZAP, Wireshark, etc.).
- Experience with application security testing models and tools (SAST, DAST, IAST).
- Experience performing manual infrastructure, network, and code reviews for relevant issues.
- Familiarity with infrastructure as code, CI/CD tooling, or environments like Kubernetes or Terraform.
- Experience developing and formalizing collaborative process documentation.
- Ability to work independently in a fully remote environment while managing priorities across multiple concurrent projects.
- Innate desire to be curious, learn, and grow.
Minimum Qualifications:
- Penetration testing certifications: OSCP, OSCE, OSEP, GPEN, GWAPT.
- Cloud service certifications: AWS, Azure, GCP, etc.
- Deep expertise in Burp Suite or other testing tools.
- Experience with CTFs, bug bounty, or security community mentorship.
- Excellent written and verbal communication skills.
Fullsteam supports an inclusive workplace that values diversity of thought, experience, and background. Fullsteam is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, ancestry, age, physical or mental disability, sex, sexual orientation, gender identity/expression, pregnancy, veteran status, marital status, creed, status with regard to public assistance, genetic status or any other status protected by federal, state, or local law.
Tags: APIs Application security AWS Azure Burp Suite CI/CD Cloud DAST GCP GPEN GWAPT IAST KPIs Kubernetes NIST Nmap OSCE OSCP OWASP Pentesting SAST Terraform Vulnerabilities
Perks/benefits: Career development