Secure Yeti is excited to welcome a Security Engineer to our collaborative and supportive team of consultants who are passionate about knowledge sharing and continuous growth. In this role, you will gain hands-on experience working with clients, performing security control assessments, and validating controls across web applications, cloud environments, and other technologies. 

This position is designed as a launchpad for professional growth. As a Security Engineer, you will have opportunities to advance your career within Secure Yeti while expanding your expertise. While the primary focus will be on web applications and cloud testing, you will also have the chance to broaden your skills and explore areas such as network penetration testing based on your interests and career goals. 

Responsibilities 

  • Perform Security Control Assessments (SCAs) by working with senior engineers to evaluate client environments against NIST 800-53 controls. 
  • Conduct technical control validation using tools such as Burp Suite, Prowler, and Nmap to confirm security controls are implemented and effective. 
  • Craft client deliverables by drafting clear, accurate, and professional reporting. 
  • Shadow senior engineers during client calls, meetings, and outbriefs, building the skills needed to run assessments independently.  
  • Represent Secure Yeti with professionalism on client calls, in written communications, at industry events, and on social platforms. 
  • Maintain a proactive approach to learning by seeking training and self-study opportunities to strengthen technical, communication, and consulting skills throughout the apprenticeship. 
  • Collaborate closely with teammates, sharing knowledge and supporting one another in assessments and projects. 
  • Explore opportunities to learn phishing and vishing techniques under the guidance of one of the industry’s leading social engineers. 

 

Requirements 

  • U.S. Citizen residing in the U.S.
  • Bachelor’s degree in information technology, computer science, or related field. 
  • Committed to integrity with the ability to pass a federal background check, drug test, credit check, and maintain a National Security Clearance. 
  • Hands-on experience with web application penetration testing in labs or CTFs, including using tools like Burp Suite to identify common flaws. 
  • Familiarity with the OWASP Top Ten web application security risks and an understanding of how to identify or test for them. 
  • Knowledge of security frameworks such as NIST 800-53 and the ability to connect technical vulnerabilities to specific security controls. 
  • Strong written communication skills, with the ability to contribute to professional client reports. 
  • Comfortable and professional in client communications, with prior experience in customer service, tutoring, or other client-facing roles considered a plus. 
  • Curiosity, adaptability, and self-motivation with the resilience to learn from feedback and continuously improve. 
  • Strong collaborative mindset with an emphasis on humility, inclusivity, knowledge sharing, and constructive communication. 
  • Consistently demonstrate professional conduct in industry settings including conferences, events, and online platforms, upholding company values and safeguarding confidential information. 
  • Availability during standard business hours (8:00 AM – 5:00 PM CST) with flexibility for urgent client needs. 

 

Nice to Have 

  • Familiarity with cloud security basics (AWS, Azure, or Active Directory) through labs, coursework, or self-study. 
  • Introductory knowledge of network penetration testing concepts (misconfigurations, weak protocols, insecure services) through labs, training, or simulations. 
  • Curiosity about testing cloud and SaaS platforms such as M365 or GCP, with an understanding of common security challenges. 
  • Basic ability to write or adapt scripts in Python, JavaScript, PowerShell, or Bash for automation or lab projects. 
  • Certifications such as Security+, PNPT, GPEN, GXPN, or GWAPT. 
  • Exposure to secure code review concepts and an interest in learning how to identify vulnerabilities in source code. 
  • Experience with or interest in Social Engineering techniques such as phishing and vishing.

 

Career Progression: Opportunity to advance to Security Engineer I with appropriate salary adjustment after one year 

Benefits: 

  • 12 paid holidays annually 
  • Flexible time off policy 
  • 401(k) with up to 5% company match 
  • Health, Vision, Dental, ST/LT Disability, and Life Insurance 

 

Salary: $60k 

Job Category: Cybersecurity Information Security
Job Type: Full Time
Job Location: Remote (Must be a U.S. Citizen residing in the U.S.)