Software Security and Offensive Security Manager
Atlanta, GA
Aprio
Future-focused business advisory and accounting services for entrepreneurs, businesses, investors and families.
Join Aprio's Risk Advisory and Assurance Services team and you will help clients maximize their opportunities. Aprio is a progressive, fast-growing firm looking for a Software Security and Offensive Security Manager to join their dynamic team.
Aprio’s RAAS team serves leading technology service providers, from disruptive start-ups to global market leaders. Our services include consulting, advisory, audits and examinations for other leading security and IT compliance standards and protocols such as: SOC 1, SOC 2, ISO 27001, ISO 27701, HITRUST, CMMC, FedRAMP, NIST CSF, GDPR, PCI DSS and others.
We are seeking an experienced Offensive Security and Penetration Testing professional to join our team and help us develop this service line from the ground up.
- We have great people dedicated to delivering a great client service experience,
- We are information security and compliance experts, and
- We are committed to fostering a startup environment where teammates are rewarded for having a growth mindset.
Your opportunities as a member of the Aprio Risk Advisory and Assurance Services team:
- Be part of a transformative growth journey! Following our recent acquisition of SecurityBricks, a leader in innovative security solutions, Aprio has positioned our team at the forefront of cybersecurity and compliance services advancements.
- Contribute to cutting-edge initiatives as we expand into CMMC, FedRAMP, PCI SSF, and work around other high performers developing custom software security solutions, offering opportunities to tackle unique security challenges in high-stakes, regulated industries.
- Work on diverse, high-impact projects across a number of teams and industries, and take on the opportunity to build a team around you over time.
- Access unparalleled professional development through training, certifications, and hands-on experience with emerging technologies, ensuring you stay ahead in the rapidly evolving cybersecurity landscape.
- Enjoy a collaborative, innovative culture with competitive salary, comprehensive benefits, and flexible work arrangements, fostering both personal and professional growth.
Desired Background and Characteristics for this Role:
- Experience with cloud infrastructure offensive security assessments (e.g., AWS, Azure, GCP), web application and API penetration testing, and traditional network penetration testing.
- Experience with application and software security including performing static application security, dynamic application security, and memory forensic analysis.
- Proficiency in developing assessment documentation and documenting the results of your work.
- Familiarity with penetration testing and application requirements for common security compliance frameworks (e.g., FedRAMP, PCI DSS, PCI SSF).
Candidates interested in the Role should possess the following:
- Minimum of 5 years’ experience in penetration testing or a related cybersecurity role, with a focus on application/software, network, cloud infrastructure, web application, and API testing.
- Hands-on experience with network penetration testing, including assessment of protocols (e.g., TCP/IP, DNS, VPN), firewalls, and intrusion detection/prevention systems.
- Hands-on experience with cloud security testing in platforms such as AWS, Azure, or GCP, and their cloud native solutions.
- Hands-on experience with web application penetration testing, covering OWASP Top 10 vulnerabilities (e.g., SQL injection, XSS, CSRF) and secure coding practices.
- Hands-on experience with application security and tools used to perform source code, memory and runtime analysis (i.e., SAST, DAST and memory forensics analysis).
- Strong proficiency in API security testing, including REST, SOAP, and GraphQL, with experience in identifying issues like broken authentication, excessive data exposure, and injection flaws.
- Familiarity with common penetration testing tools such as Burp Suite, Metasploit, Nmap, Nessus, Wireshark, and Kali Linux.
- Experience with scripting languages (e.g., Python, Bash, PowerShell) for automating tests.
- Understanding of secure development lifecycle (SDLC) and DevSecOps practices to integrate security into CI/CD pipelines.
- Strong analytical and problem-solving skills, with the ability to think like an attacker and identify complex attack chains.
- Excellent communication skills to articulate technical findings to both technical and non-technical stakeholders in verbal and written form.
- Requirement: This role requires you to maintain at least one industry certification related to cyber security including: CCNP, CISSP, CSSLP, GPEN, GCED, CEH, CHFI, or GCFA.
- Bonus – OSCP, OSWE, CRTP, and other certifications that require hands-on skills application to obtain are a huge plus.
- Bonus – PCI PA-DSS and PCI SSF experience
Why work for Aprio:
Whether you are just starting out, looking to advance into management or searching for your next leadership role, Aprio offers an opportunity to grow with a future-focused, innovative firm.
Perks/Benefits we offer for full-time team members:
- Medical, Dental, and Vision Insurance on the first day of employment
- Flexible Spending Account and Dependent Care Account
- 401k with Profit Sharing
- 9+ holidays and discretionary time off structure
- Parental Leave – coverage for both primary and secondary caregivers
- Tuition Assistance Program and CPA support program with cash incentive upon completion
- Discretionary incentive compensation based on firm, group and individual performance
- Incentive compensation related to origination of new client sales
- Top rated wellness program
- Flexible working environment including remote and hybrid options
What’s in it for you:
- Working with an industry leader: Be part of a high-growth firm that is passionate for what’s next.
- An awesome culture: Thirty-one fundamental behaviors guide our culture every day ensuring we always deliver an exceptional team-member and client experience. We call it the Aprio Way. This shared mindset creates lasting relationships between team members and with clients.
- A great team: Work with a high-energy, passionate, caring and ambitious team of professionals in a collaborative culture.
- Entrepreneurship: Have the freedom to innovate and bring your ideas to help us grow to become the CPA firm of choice nationally.
- Growth opportunities: Grow professionally in an environment that fosters continuous learning and advancement.
- Competitive compensation: You will be rewarded with competitive compensation, industry-leading benefits and a flexible work environment to enjoy work/life balance.
EQUAL OPPORTUNITY EMPLOYER
Aprio is an Equal Opportunity Employer encouraging diversity in the workplace. All qualified applicants will receive consideration for employment without regard to race; color; religion; national origin; sex; pregnancy; sexual orientation; gender identity and/or expression; age; disability; genetic information, citizenship status; military service obligations or any other category protected by applicable federal, state, or local law.
Aprio, LLP and Aprio Advisory Group, LLC, operate in an alternative business structure, with Aprio Advisory Group, LLC providing non-attest tax and consulting services, and Aprio, LLP providing CPA firm services.