Finance of America
Overview
Finance of America is guided by five values: We are customer obsessed, they are why we exist. We raise the bar. We take extreme ownership. We practice genuine collaboration. And we unleash our excellence. Together we are actualizing our vision to be the most beloved brand for homeowners in their next chapter. To learn more about us, visit www.financeofamerica.com Purpose of Role
Responsible for application security testing, adversary simulation, and cloud security research with a strong emphasis on adaptability and security. Researches new threat scenarios and works alongside the blue teams to validate defenses. Responsibilities and Expectations
Conducts penetration tests and threat simulations across applications, infrastructure, and cloud environments (AWS and Azure). Performs application security reviews, including secure code review and SAST/DAST configuration in CI/CD pipelines. Supports red and purple team exercises, using tactics aligned with the MITRE ATT&CK framework, to measure and improve SOC readiness. Researches and tests emerging threats, vulnerabilities, and exploitation techniques, including those targeting cloud and AI/ML applications. Partners with development, cloud, and SOC teams to communicate risks and recommend practical remediation strategies. Creates or adapts custom offensive tools and scripts to support testing scenarios. Documents and clearly communicates technical findings to both technical and non-technical audiences. Conducts security research and attends trainings, conferences, and capture-the-flag (CTF) events. Performs other duties as assigned. Reports To
Director, Vulnerability Management and Discovery Qualifications
Experience / Skills / Competencies
Minimum 3 years of experience in offensive security, penetration testing, or application security. Proficiency in web application security testing (e.g., OWASP Top 10, business logic flaws, authentication/authorization bypasses). Familiarity with cloud security testing in AWS (IAM, S3, EC2, Lambda, etc.); exposure to Azure strongly preferred. Knowledge of AI/ML application security testing, including risks such as prompt injection, data poisoning, and model extraction preferred. Scripting proficiency in Python (preferred), PowerShell, or Bash. Strong understanding of operating systems (Linux, Windows, MacOS) and networking protocols. Experience with CI/CD pipeline security integration (e.g., Azure DevOps, GitHub Actions). Exposure to adversary simulation tooling (e.g., C2 frameworks like Cobalt Strike, Sliver, Mythic). Familiarity with the MITRE ATT&CK framework and its application to offensive testing. Certifications such as OSCP, OSWE, OSEP, GXPN, or CRTO preferred. Prior experience collaborating with SOC and IR teams in purple team exercises. Strong written and verbal communication skills, with the ability to explain technical findings clearly to developers, engineers, and non-technical stakeholders. Ability to exercise judgment when policies or precedents are incomplete or not well-defined. Self-motivated, driven, and passionate about cybersecurity, with a continuous learning mindset. Education
Bachelor's Degree or comparable qualifications Field / Profession
Computer Science, Cybersecurity, or related field. Compensation
The base salary range for this position is ($85,300 - $142,100) inclusive of all geographical differences in the labor market. The base salary for the position will be determined based on factors such as the candidate’s work location, skills, education, and experience. In addition to those factors, we believe in the importance of pay equity and consider the internal equity of our current team members in determining any final offer. We offer a competitive benefits package including health, dental, vision, life insurance, paid time-off benefits, flexible spending account, 401(k) with employer match, and ESPP. Additional Information
The application deadline for this job opportunity is 11/3/2025. The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. Finance of America is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, sex (including pregnancy), sexual orientation, religion, creed, age, national origin, physical or mental disability, gender identity and/or expression, marital status, veteran status or other characteristics protected by law. Equal Opportunity Employer. This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.
#J-18808-Ljbffr
Finance of America is guided by five values: We are customer obsessed, they are why we exist. We raise the bar. We take extreme ownership. We practice genuine collaboration. And we unleash our excellence. Together we are actualizing our vision to be the most beloved brand for homeowners in their next chapter. To learn more about us, visit www.financeofamerica.com Purpose of Role
Responsible for application security testing, adversary simulation, and cloud security research with a strong emphasis on adaptability and security. Researches new threat scenarios and works alongside the blue teams to validate defenses. Responsibilities and Expectations
Conducts penetration tests and threat simulations across applications, infrastructure, and cloud environments (AWS and Azure). Performs application security reviews, including secure code review and SAST/DAST configuration in CI/CD pipelines. Supports red and purple team exercises, using tactics aligned with the MITRE ATT&CK framework, to measure and improve SOC readiness. Researches and tests emerging threats, vulnerabilities, and exploitation techniques, including those targeting cloud and AI/ML applications. Partners with development, cloud, and SOC teams to communicate risks and recommend practical remediation strategies. Creates or adapts custom offensive tools and scripts to support testing scenarios. Documents and clearly communicates technical findings to both technical and non-technical audiences. Conducts security research and attends trainings, conferences, and capture-the-flag (CTF) events. Performs other duties as assigned. Reports To
Director, Vulnerability Management and Discovery Qualifications
Experience / Skills / Competencies
Minimum 3 years of experience in offensive security, penetration testing, or application security. Proficiency in web application security testing (e.g., OWASP Top 10, business logic flaws, authentication/authorization bypasses). Familiarity with cloud security testing in AWS (IAM, S3, EC2, Lambda, etc.); exposure to Azure strongly preferred. Knowledge of AI/ML application security testing, including risks such as prompt injection, data poisoning, and model extraction preferred. Scripting proficiency in Python (preferred), PowerShell, or Bash. Strong understanding of operating systems (Linux, Windows, MacOS) and networking protocols. Experience with CI/CD pipeline security integration (e.g., Azure DevOps, GitHub Actions). Exposure to adversary simulation tooling (e.g., C2 frameworks like Cobalt Strike, Sliver, Mythic). Familiarity with the MITRE ATT&CK framework and its application to offensive testing. Certifications such as OSCP, OSWE, OSEP, GXPN, or CRTO preferred. Prior experience collaborating with SOC and IR teams in purple team exercises. Strong written and verbal communication skills, with the ability to explain technical findings clearly to developers, engineers, and non-technical stakeholders. Ability to exercise judgment when policies or precedents are incomplete or not well-defined. Self-motivated, driven, and passionate about cybersecurity, with a continuous learning mindset. Education
Bachelor's Degree or comparable qualifications Field / Profession
Computer Science, Cybersecurity, or related field. Compensation
The base salary range for this position is ($85,300 - $142,100) inclusive of all geographical differences in the labor market. The base salary for the position will be determined based on factors such as the candidate’s work location, skills, education, and experience. In addition to those factors, we believe in the importance of pay equity and consider the internal equity of our current team members in determining any final offer. We offer a competitive benefits package including health, dental, vision, life insurance, paid time-off benefits, flexible spending account, 401(k) with employer match, and ESPP. Additional Information
The application deadline for this job opportunity is 11/3/2025. The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. Finance of America is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, sex (including pregnancy), sexual orientation, religion, creed, age, national origin, physical or mental disability, gender identity and/or expression, marital status, veteran status or other characteristics protected by law. Equal Opportunity Employer. This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.
#J-18808-Ljbffr