Job Description
As the recognized global standard for project-based businesses, Deltek delivers software and information solutions to help organizations achieve their purpose. Our market leadership stems from the work of our diverse employees who are united by a passion for learning, growing and making a difference. At Deltek, we take immense pride in creating a balanced, values-driven environment, where every employee feels included and empowered to do their best work. Our employees put our core values into action daily, creating a one-of-a-kind culture that has been recognized globally. Thanks to our incredible team, Deltek has been named one of America's Best Midsize Employers by Forbes, a Best Place to Work by Glassdoor, a Top Workplace by The Washington Post and a Best Place to Work in Asia by World HRD Congress. www.deltek.com
Built on 40 years of industry expertise, Deltek is a leading provider of ERP solutions for Government contractors of all sizes. Whether these firms call them a contract within the government contracting space, an engagement within professional services firms, or refer to them as a project within the AEC space, these organizations share the same ultimate goal—to win and deliver successful projects. Deltek offers complete and integrated software solutions that connect and automate every stage of the project lifecycle, enhancing project intelligence, management, and collaboration. With Deltek’s industry-focused expertise and end-to-end visibility into project and financial performance, we empower businesses to make data-driven decisions, mitigate risks, and deliver projects on time and within budget.
Deltek is seeking a Senior Principal Offensive Security Engineer with extensive experience in Offensive Security Operations to join our team. The role involves performing comprehensive security engagements across internal and external networks, web and mobile applications, APIs, cloud environments, and other Deltek systems. The successful candidate will employ dynamic security assessment tools and manual techniques to identify and exploit vulnerabilities, working closely with various engineering teams to test environments and develop remediation strategies. This hands-on position requires curiosity and tenacity to deeply analyze and identify issues, avoiding a checklist approach. The engineer will play a key role in managing security risks and protecting our customers, reporting to the US-based Team Lead of the Threat & Vulnerability Management Team.
Key Responsibilities:
- Design, scope, and perform offensive security engagements, from planning and scoping through execution and reporting
- Perform application penetration tests against Web, Mobile, API, and Thick Client applications to identify software security vulnerabilities in Deltek products and internal enterprise applications
- Perform vulnerability assessments, penetration tests, and adversarial operations to evaluate Deltek’s Cybersecurity maturity and resiliency against attacks
- Work with external third parties and researchers to reproduce, score, and further investigate reported issues
- Assess Deltek’s Cloud environments for security risks and misconfigurations, as well as new service provisioning, working with the Cloud Team to establish security baselines and drive security assessment findings into automated security configuration of cloud services
- Thoroughly validate, document findings/Proofs of Concept, and concisely communicate with different stakeholders (e.g. Application Engineers, Management, etc.)
- Maintain, develop, automate, and continually integrate new attack tactics and tools; monitor and search for new threat tactics and vectors, integrating them into your attack toolkit
Core Competencies:
- Excellent self-management and ability to work with minimal direction.
- Excellent collaboration skills to support and mentor team members and work in cross-functional environments.
- Excellent time management skills for handling multiple competing priorities and simultaneous projects.
- Excellent business and technical aptitude and problem-solving skills.
- Excellent critical thinking, analytical, communication (written and verbal), and interpersonal skills.
- Ability to work in a team environment collaboratively and take direction from senior-level staff.
- Enthusiasm to learn through a combination of structured, on-the-job, and self-directed training
Qualifications:
- Bachelor’s degree in computer science/information technology, Cybersecurity or equivalent work experience
- At least 7 years of security engineering experience, including red teaming, penetration testing, threat and vulnerability assessments
- Strong experience with different application technologies and frameworks (e.g. Java, .Net, C#)
- Strong experience in Web, Mobile, Thick Client, and API application penetration tests
- Excellent communication and data presentation skills to clearly and effectively communicate information to stakeholders, both internally and externally
- Programming experience in Python, C/C++, JavaScript, .NET, or other interpreted or compiled languages
- Ability to collaborate with application developers to understand application surfaces
- One or more hands-on practical Offensive Cybersecurity certifications or trainings (e.g. OSCP, OSWE, eCPPT, eCPTX, eWPT, WAPTX, GIAC Certs, Pentester Academy Red Team Expert, Pentester Academy Certified Red Team Professional, etc.)
- Knowledge of Cloud security principles
- Strong Network and Application security concepts
- Prior experience conducting adversarial emulations
Deltek is committed to the protection and promotion of your privacy. In connection with your application for employment with us at Deltek, it is necessary for us to collect, store and use information about you (“Personal Data”) to administer and evaluate your application. We are the “controller” of the Personal Data you provide us and will process any such Personal Data in accordance with applicable law and the statements contained in this Employment Candidate Privacy Notice. Additionally, we have not sold and do not sell Personal Data you provide to us through the job application process.
Business Summary
Deltek's Global Information Security team has a passion for simplifying the delivery of information security in a complex industry. As part of our dynamic team, you will help deliver creative security services to continuously improve the first-rate protection of Deltek’s Information Assets. Join us as we create innovative solutions to further security as a differentiator for Deltek.