Associate Architect, Information Security

Role Overview:

Aptean is seeking a Senior Penetration Tester with strong DevSecOps expertise to play a dual-role in our offensive security and secure development lifecycle initiatives. You will lead advanced penetration testing engagements, red team operations, and threat simulations across enterprise environments while also driving secure software practices by integrating security into CI/CD pipelines. This role blends deep offensive security capabilities with hands-on DevSecOps implementation, contributing to both proactive and preventative cybersecurity postures.

Key Responsibilities:

Offensive Security & Penetration Testing

• Lead and perform advanced penetration testing across:
• Web, mobile (iOS/Android), and desktop/thick client applications
• APIs (REST, GraphQL, SOAP) with focus on business logic vulnerabilities
• Internal/external networks and hybrid infrastructure (on-prem and cloud)
• Execute red team engagements simulating real-world adversaries (APT-style)
• Targeting Windows Active Directory, Linux systems, and cloud platforms (AWS, Azure, GCP)
• Employing post-exploitation, lateral movement, and persistence techniques
• Build and maintain offensive infrastructure (C2 servers, phishing platforms)
• Develop proof-of-concept exploits and adversary emulation scenarios
• Deploy and monitor honeypots/honeynets for threat detection and behavior analysis

DevSecOps & Secure SDLC

• Integrate security tools (SAST, DAST, SCA, IaC scanning) into CI/CD pipelines (GitHub Actions, Jenkins, GitLab CI/CD)
• Automate security testing and policy enforcement in the development lifecycle
• Collaborate with DevOps and developers to implement secure coding practices and remediation workflows
• Build custom scripts/tools for security automation (Python, Bash, PowerShell)
• Monitor and harden containerized and cloud-native infrastructure (Docker, Kubernetes, serverless)
• Support security gate controls and compliance checks across release pipelines

Reporting, Documentation & Communication

• Deliver detailed technical reports and executive summaries of findings
• Present findings to cross-functional stakeholders including engineering and executive leadership
• Provide actionable remediation guidance with risk prioritization
• Develop technical documentation, threat playbooks, and attack narratives

Leadership, Collaboration & Mentorship

• Mentor junior penetration testers and review their assessments
• Lead purple teaming exercises to bridge offensive and defensive capabilities
• Collaborate with blue teams to enhance detection and response
• Conduct knowledge sharing sessions and internal capability development
• Stay current with threat landscape, tools, and techniques

Required Qualifications:

Experience & Background

• 8–10 years in cybersecurity with primary focus on penetration testing and red teaming
• At least 2 years hands-on experience integrating security in CI/CD and DevSecOps environments
• Proven leadership in complex offensive security engagements

Technical Skills

• Offensive Security:
• Advanced penetration testing of web, mobile, and thick client apps
• Red teaming, lateral movement, and post-exploitation in enterprise environments
• API security testing and exploitation
• Tooling & Platforms:
• Burp Suite, OWASP ZAP, Metasploit, Cobalt Strike, BloodHound, Empire, Sliver
• Nessus, Nmap, Trivy, AWS Inspector, Azure Defender, GCP SCC
• GitHub Actions, Jenkins, GitLab CI/CD, Docker, Kubernetes
• Scripting & Automation:
• Proficient in Python, Bash, PowerShell (Go or Ruby a plus)
• Automation of penetration testing tasks and CI/CD integration
• Cloud & Infrastructure:
• Hands-on experience in AWS, Azure, GCP environments
• Active Directory attack techniques (e.g., Kerberoasting, Golden Ticket)
• Container and cloud-native attack simulation
• Security Frameworks:
• Deep knowledge of OWASP Top 10, MITRE ATT&CK, PTES, STRIDE, PASTA
• Familiarity with threat intelligence and APT tactics

Preferred Qualifications:

Certifications

• One or more of the following:
• OSCP (Offensive Security Certified Professional)
• CPENT, GIAC (GPEN, GXPN, GCPN, GWAPT, GMOB)
• CEH (Certified Ethical Hacker)

Specialized Skills

• Purple teaming and detection tuning
• Cloud-native and serverless security testing
• Honeypot/honeynet development
• Malware analysis fundamentals
• Threat modeling (STRIDE, OCTAVE)
• Experience with regulatory frameworks (NIST, PCI DSS, HIPAA, GDPR)

Personal Attributes

• Strong problem-solving and critical thinking skills
• Excellent verbal and written communication, including reporting to technical and non-technical audiences
• Ability to lead, mentor, and collaborate effectively across teams
• Passion for offensive security, continuous learning, and responsible disclosure
• Adaptability to fast-paced, evolving threat environments

What’s in it for you?
Aptean offers competitive pay and robust benefit plans along with the opportunity to grow your career in a fast-paced, flexible and casual environment, an outstanding opportunity for career development and growth. About Aptean
At Aptean, our mission is to solve tomorrow’s unique challenges today with unrivaled, purpose-built software and superior customer experiences from people who care. Aptean is a global provider of mission-critical, industry-specific software solutions. Aptean’ s purpose-built ERP and supply chain management solutions help address the unique challenges facing process and discrete manufacturers, distributors and other focused organizations. Aptean’ s compliance solutions are built for companies serving specific markets such as finance, healthcare, biotech and pharmaceuticals, over 10,000 highly specialized organizations in more than 20 industries and 80 countries rely on Aptean to streamline their everyday operations. “At Aptean, our global and diverse employee base is our greatest asset. It is through embracing and understanding our differences that we are able to harness our individual power to maximize the success of our customers, our employees and our company.” – TVN Reddy Aptean pledges to promote a company culture where diversity, equity and inclusion are
central. We are committed to applying this principle as we interact with our customers,
build our teams, cultivate our leaders and shape a company in which any employee can
succeed, regardless of race, color, sex, national origin, sexuality and gender identity,
religion, disability or age. Celebrating our diverse experiences, opinions and beliefs
allows us to embrace what makes us unique and to use this as an asset in bringing
innovative solutions to our customer base.