Position: Cloud Security/Penetration Test Engineer, Dallas, Texas, United States (Remote)
About Appspace
At Appspace, we’re passionate about creating better work experiences for people everywhere, and we’re looking for people that feel the same way. Our global office locations and flexible work culture help you work wherever and however you’re at your best. Plus, we take the time to help you enjoy your work, build lasting connections, and grow your role. Join the Appspace team and be a part of a culture that’s helping people everywhere love where they work.
Your Role as a Cloud Security/Penetration Test Engineer
We are seeking a highly skilled Cloud Security Engineer to join our dynamic team. This is a crucial customer-facing role where you will be instrumental in designing and implementing secure cloud configurations, performing manual web application testing, and securing complex cloud environments for our clients across Google Cloud Platform (GCP), Microsoft Azure, and Amazon Web Services (AWS), with a strong emphasis on GCP.
A fundamental part of your role will be demonstrating your ability to manually penetration test web applications.
You will leverage your deep expertise in SaaS security, network security, and compliance to provide strategic guidance and hands‑on support, ensuring our clients' cloud infrastructures are robust, resilient, and compliant with industry standards.
What You’ll Do
• Perform manual penetration testing of web applications and mobile applications using black-box testing tools, in-depth penetration testing techniques (shell scripts and manual testing), and DAST and SAST tools. The candidate should be highly experienced with black-box, gray-box and white-box testing techniques, along with red teaming skills.
• Understand the application's architectural components, the business purpose of the application, and its code at a high level. The resource will be responsible for assisting in architecting secure coding practices.
• Web Application:
Highly familiar with OWASP Top 10 and the ASVS. You will be the Subject Matter Expert within the organization to demonstrate OWASP Top 10 findings and provide resolution recommendations.
• Cloud Security Operations:
Design, implement, and optimize robust cloud security architectures to enhance, build, monitor and address all security alerts from our SIEM and other security systems. This is an operational role whereby you will be available M-F 8am-5pm EDT and for on-call shifts on evenings and weekends.
• Network Security Expertise:
Your network security and cloud security expertise will be required to respond to customer questionnaires and customer calls, and to create artifacts including network diagrams, architecture diagrams, data flow diagrams and other artifacts to support customer requests. Strong writing skills and attention to detail will be required here.
• Firewall & WAF Management:
Configure, manage, and troubleshoot cloud‑native firewalls (e.g., GCP Cloud Firewall, Azure Firewall, AWS Security Groups/NACLs) and Web Application Firewalls (WAFs) to protect web applications from common vulnerabilities and attacks. The candidate will demonstrate past hands‑on network experience in managing complex layer‑4 to layer‑7 rules.
• SIEM Integration & Optimization:
As a Level-2 Security Operations support team member, you will review all security alerts and resolve them in a timely manner. You will work with our current Security Operations team to expand our current alerting and reporting capabilities and enhance visibility across our attack surface. PowerShell or similar scripting skills will be required.
• SaaS Security Best Practices:
Provide expert guidance on securing SaaS applications, including identity and access management (IAM), data encryption, API security, and secure configuration baselines. You will be responsible for leading and managing all firewall reviews, access reviews, system reviews and risk assessments.
• Compliance & Governance:
Lead and contribute to compliance initiatives, ensuring cloud environments adhere to industry regulations and frameworks such as GDPR, SOC 2, ISO 27001, CMMC and CSA STAR. Conduct security assessments and gap analyses.
• Customer Engagement & Presentation:
Act as a trusted advisor to clients, effectively communicating…