Cyber Security Engineer – Penetration Testing

About the role

As a Cyber Security Engineer focused on penetration testing, you will act as a bridge between FICO’s internal security standards and its global supply chain. You’ll partner with senior leadership and engineering teams to ensure that product development aligns with the company’s risk appetite in a data‑driven analytics environment.

Key responsibilities

• Collaborate with engineers, consultants and leadership to identify security risks and recommend mitigations throughout the Secure Development Lifecycle (SDLC).
• Perform secure code reviews, security testing, vulnerability triage and dynamic application security testing (DAST) across multiple applications and APIs.
• Interact regularly with internal and external customers on security‑related projects and operational tasks.
• Analyse test results, draw conclusions, and develop targeted exploit examples.
• Document root‑cause analysis and risk assessments for findings.
• Champion product security testing processes and promote secure development practices across engineering and product teams.
• Maintain and improve the configuration and integration of DAST and API security tools.
• Stay current on security best practices, emerging vulnerabilities and attacker tactics.
• Suggest and implement process and tooling improvements, including automation where possible.

Required profile

• Bachelor’s degree in Computer Science, Cybersecurity or a related field.
• Relevant certifications such as CEH, CCSP, CISSP, OSCP are highly desirable.
• 5+ years of experience in product security, penetration testing and security automation.
• Strong understanding of AWS infrastructure and cloud security principles.
• In‑depth knowledge of cybersecurity frameworks (OSI, NIST, OWASP, SANS, PCI).
• Experience with secure coding principles, code‑review tools and CI/CD pipelines.
• Excellent analytical, problem‑solving and communication skills.

Required skills

• AWS and cloud security
• Dynamic Application Security Testing (DAST)
• API security testing tools
• Secure code review
• Vulnerability triage
• Web application and API penetration testing
• Infrastructure‑as‑code scanning
• CI/CD and shift‑left security
• Knowledge of OWASP, NIST, PCI, SANS frameworks