Senior Security Analyst
$91K - $119K/yr
Coordinate annual penetration testing for web applications, APIs, and cloud environments; ensure final reports are processed within 30 days. Track remediation and retesting and ensure all critical ...
$91K - $119K/yr
Coordinate annual penetration testing for web applications, APIs, and cloud environments; ensure final reports are processed within 30 days. Track remediation and retesting and ensure all critical ...
$91K - $119K/yr
Coordinate annual penetration testing for web applications, APIs, and cloud environments; ensure final reports are processed within 30 days. Track remediation and retesting and ensure all critical ...
Atlanta, GA · Hybrid
Prior experience with offensive tools, network penetration testing tools, scripting languages, command and control frameworks, programming languages (C, C++, C#), software vulnerabilities, exploits ...
Atlanta, GA · Hybrid
Prior experience with offensive tools, network penetration testing tools, scripting languages, command and control frameworks, programming languages (C, C++, C#), software vulnerabilities, exploits ...
Alpharetta, GA · On-site
... penetration testing, WAF's). • Experience with application security tools and technologies, such as web application firewalls (WAFs), static and dynamic code analysis tools, and penetration testing ...
Alpharetta, GA · On-site
... penetration testing, WAF's). • Experience with application security tools and technologies, such as web application firewalls (WAFs), static and dynamic code analysis tools, and penetration testing ...
Atlanta, GA · On-site
$110K - $151K/yr
... testing (DAST), and penetration testing. * Lead efforts related to designing, planning, enhancing, and testing all cybersecurity technologies used throughout the enterprise including base-lining ...
Atlanta, GA · On-site
$110K - $151K/yr
... testing (DAST), and penetration testing. * Lead efforts related to designing, planning, enhancing, and testing all cybersecurity technologies used throughout the enterprise including base-lining ...
Atlanta, GA · On-site
$120K - $150K/yr
Deep knowledge of threat modeling, security testing, and penetration testing. * Experience implementing and managing complex information security technologies. Preferred Qualifications * Master ...
Atlanta, GA · On-site
$120K - $150K/yr
Deep knowledge of threat modeling, security testing, and penetration testing. * Experience implementing and managing complex information security technologies. Preferred Qualifications * Master ...
Atlanta, GA · Remote
$125K - $130K/yr
Experience selling managed security (MDR), penetration testing, or remediation services * Familiarity with offensive security services and compliance frameworks (SOC 2, ISO 27001) Employer Value ...
Quick apply
Atlanta, GA · Remote
$125K - $130K/yr
Experience selling managed security (MDR), penetration testing, or remediation services * Familiarity with offensive security services and compliance frameworks (SOC 2, ISO 27001) Employer Value ...
$110K - $151K/yr
Run penetration tests. Network, web-application, cloud, and infrastructure testing, recon through exploitation, privilege escalation, and lateral movement, accelerated by the tooling you build, with ...
$110K - $151K/yr
Run penetration tests. Network, web-application, cloud, and infrastructure testing, recon through exploitation, privilege escalation, and lateral movement, accelerated by the tooling you build, with ...
$110K - $151K/yr
Run penetration tests. Network, web-application, cloud, and infrastructure testing, recon through exploitation, privilege escalation, and lateral movement, accelerated by the tooling you build, with ...
$110K - $151K/yr
Run penetration tests. Network, web-application, cloud, and infrastructure testing, recon through exploitation, privilege escalation, and lateral movement, accelerated by the tooling you build, with ...
Performs threat modeling, security testing, and penetration testing for the platforms and services in scope, using structured analysis to identify and remediate significant vulnerabilities.
Performs threat modeling, security testing, and penetration testing for the platforms and services in scope, using structured analysis to identify and remediate significant vulnerabilities.
... penetration testing on assigned systems. Executes and enhances cybersecurity technologies by baselining systems, monitoring results, and making configuration and process adjustments to deliver ...
... penetration testing on assigned systems. Executes and enhances cybersecurity technologies by baselining systems, monitoring results, and making configuration and process adjustments to deliver ...
Norcross, GA · Remote
$117K - $146K/yr
Conduct application security assessments, code reviews, API testing, threat modeling, and penetration testing to identify vulnerabilities. Define, maintain, and enforce secure coding standards ...
Norcross, GA · Remote
$117K - $146K/yr
Conduct application security assessments, code reviews, API testing, threat modeling, and penetration testing to identify vulnerabilities. Define, maintain, and enforce secure coding standards ...
Atlanta, GA · On-site
$110K - $151K/yr
Run penetration tests. Network, web-application, cloud, and infrastructure testing, recon through exploitation, privilege escalation, and lateral movement, accelerated by the tooling you build, with ...
Atlanta, GA · On-site
$110K - $151K/yr
Run penetration tests. Network, web-application, cloud, and infrastructure testing, recon through exploitation, privilege escalation, and lateral movement, accelerated by the tooling you build, with ...
Atlanta, GA · On-site
$110K - $151K/yr
... penetration testing on assigned systems. Executes and enhances cybersecurity technologies by baselining systems, monitoring results, and making configuration and process adjustments to deliver ...
Atlanta, GA · On-site
$110K - $151K/yr
... penetration testing on assigned systems. Executes and enhances cybersecurity technologies by baselining systems, monitoring results, and making configuration and process adjustments to deliver ...
Atlanta, GA · On-site
$110K - $151K/yr
Designs and develops advanced technical and cybersecurity capabilities across all phases of the software development lifecycle, including threat modeling, security testing, and penetration testing.
Atlanta, GA · On-site
$110K - $151K/yr
Designs and develops advanced technical and cybersecurity capabilities across all phases of the software development lifecycle, including threat modeling, security testing, and penetration testing.
... Penetration testing experience Strong technical, troubleshooting, and analytical skills Experience with cyber threat intelligence Excellent written and verbal communication skills Additional ...
... Penetration testing experience Strong technical, troubleshooting, and analytical skills Experience with cyber threat intelligence Excellent written and verbal communication skills Additional ...
Atlanta, GA · On-site
$110K - $151K/yr
... penetration testing on assigned systems. Executes and enhances cybersecurity technologies by baselining systems, monitoring results, and making configuration and process adjustments to deliver ...
Atlanta, GA · On-site
$110K - $151K/yr
... penetration testing on assigned systems. Executes and enhances cybersecurity technologies by baselining systems, monitoring results, and making configuration and process adjustments to deliver ...
Network penetration testing * Application vulnerability assessments * Risk analysis * Compliance testing * Knowledge of information security standards, rules, and regulations related to Information ...
Network penetration testing * Application vulnerability assessments * Risk analysis * Compliance testing * Knowledge of information security standards, rules, and regulations related to Information ...
Atlanta, GA · On-site
$56.50 - $75.50/hr
Secure code review, API security & advanced testing (25%) * Conducting and directing advanced secure code reviews, SAST/DAST assessments, and manual penetration testing across web, mobile, and API ...
Atlanta, GA · On-site
$56.50 - $75.50/hr
Secure code review, API security & advanced testing (25%) * Conducting and directing advanced secure code reviews, SAST/DAST assessments, and manual penetration testing across web, mobile, and API ...
Atlanta, GA · On-site
$56.50 - $75.50/hr
Secure code review, API security & advanced testing (25%) * Conducting and directing advanced secure code reviews, SAST/DAST assessments, and manual penetration testing across web, mobile, and API ...
Atlanta, GA · On-site
$56.50 - $75.50/hr
Secure code review, API security & advanced testing (25%) * Conducting and directing advanced secure code reviews, SAST/DAST assessments, and manual penetration testing across web, mobile, and API ...
Network penetration testing * Application vulnerability assessments * Risk analysis * Compliance testing * Knowledge of information security standards, rules, and regulations related to Information ...
Network penetration testing * Application vulnerability assessments * Risk analysis * Compliance testing * Knowledge of information security standards, rules, and regulations related to Information ...
$22K - $34.9K
0% of jobs
$34.9K - $47.9K
0% of jobs
$47.9K - $60.8K
2% of jobs
$60.8K - $73.8K
3% of jobs
$73.8K - $86.8K
1% of jobs
$98.7K is the 25th percentile. Wages below this are outliers.
$86.8K - $99.7K
20% of jobs
$99.7K - $112.7K
14% of jobs
The median wage is $117.5K / yr.
$112.7K - $125.6K
26% of jobs
$134.8K is the 75th percentile. Wages above this are outliers.
$125.6K - $138.6K
13% of jobs
$138.6K - $151.6K
13% of jobs
$151.6K - $164.5K
9% of jobs
$22K
$117.1K
$164.5K
As a penetration tester, your job is to test the security of a network by attempting to hack into an application, system, or computer. Penetration testing can occur in a variety of ways, from physical interaction with the machine you’re trying to hack to attacks sent over the web. Aside from helping clients test for vulnerabilities, your job also includes explaining how you got in and providing recommendations for stopping others from repeating your actions. In some cases, you may be asked to help investigate cyber crimes or explain methods and techniques in criminal trials. Success in this job is often measured by how many security holes you find and close.
| Aspect | Penetration Tester | Vulnerability Analyst |
|---|---|---|
| Certifications | OSCP, CEH, GPEN | CVE, CISSP, GIAC |
| Work Environment | Hands-on testing, simulated attacks | Vulnerability scanning, risk assessment |
| Employer & Industry | Cybersecurity firms, IT departments | Security teams, compliance agencies |
| Search & Comparison Intent | Understanding testing roles, skills | Identifying vulnerabilities, analysis methods |
While both roles focus on cybersecurity, a Penetration Tester actively exploits vulnerabilities to test security defenses, whereas a Vulnerability Analyst identifies and assesses weaknesses without exploiting them. Penetration Testers typically perform simulated attacks, requiring hands-on skills and certifications like OSCP or CEH. Vulnerability Analysts focus on scanning and reporting vulnerabilities, often working with tools like Nessus or Qualys. Both roles are essential for a comprehensive security strategy but differ in approach and responsibilities.
PowerPlan is looking for every opportunity to help our customers and prospects gain more value from our suite of software solutions. We are seeking a Senior Security Analyst / AppSec Specialist to join our Information Security & Compliance team. This is a hands-on, high-impact role responsible for strengthening our application security posture, driving vulnerability management maturity, and supporting security operations across our cloud-hosted SaaS environment. The successful candidate will serve as a technical security practitioner embedded within our engineering and operations ecosystem, partnering closely with DevOps, product, and compliance teams.
To be successful in this role, you should have extensive experience with CrowdStrike Falcon, including its Next-Gen SIEM, Data Protection, CSPM, and Threat Intelligence capabilities, as well as experience coordinating penetration tests and running vulnerability assessments with Qualys. You should have hands-on experience with Rapid7, CI/CD pipeline hardening, cloud security in AWS and/or Azure, and security architecture. Experience implementing process improvements and driving program maturity aligned with NIST CSF 2.0 is essential. You should also have excellent communication, problem-solving, and analytical skills, as well as the ability to work independently and as part of a team.
COMPANY
PowerPlan specializes in enterprise software solutions used by organizations with complex financial, regulatory, and operational needs. We deliver secure, cloudhosted SaaS products that help customers manage critical workflows with accuracy, transparency, and compliance.
The security team plays a central role in protecting customer trust, enabling rapid product innovation, and ensuring alignment with frameworks such as SOC 2, ISO 27001, and NIST CSF 2.0. We operate in a collaborative environment that values technical depth, continuous improvement, and responsible innovation.
ResponsibilitiesKEY PERFORMANCE OBJECTIVES (First 12 Months)
OBJECTIVE 1: Implement a Centralized Application Vulnerability Management Platform (First 120 Days)
Outcome:Deploy a consolidated platform (e.g., DefectDojo) that aggregates SAST, DAST, SCA, penetrationtesting, and manualreview findings within 120 days. Ensure all engineering teams have visibility into normalized, prioritized findings, with assignment and SLA workflows in place. Produce monthly reports showing coverage, SLA adherence, and remediation progress.
Impact:Provides a "single pane of glass" that enables consistent prioritization, eliminates fragmented tooling silos, and measurably reduces MTTR for application vulnerabilities. Improves audit readiness and strengthens engineering alignment by creating a unified source of truth for risk decisions.
How:Evaluate and implement the platform, integrate scanning tools and pentest reports, configure crossteam workflows, onboard engineering groups, define remediation SLAs, and publish monthly dashboards to engineering and security leadership.
OBJECTIVE 2: Lead the Annual Application + Cloud Penetration Testing Program (Annual Cycle)
Outcome:Coordinate annual penetration testing for web applications, APIs, and cloud environments; ensure final reports are processed within 30 days. Track remediation and retesting and ensure all critical/highrisk findings are addressed within SLA. Maintain auditready documentation for compliance teams.
Impact:Ensures independent validation of application and cloud security posture, reduces exploitable weaknesses, and directly supports SOC 2 and ISO 27001 evidence requirements. Builds leadership confidence through measurable remediation accountability.
How:Manage vendor selection and scoping, coordinate technical access and test data, review findings, facilitate engineering remediation, validate fixes, capture evidence, and update Confluence with all required artifacts and timelines.
OBJECTIVE 3: Implement a Standardized Security Architecture Review Process (First 120 Days)
Outcome:Establish and operationalize a designreview process for all major new product features and thirdparty integrations within 120 days. Produce documented review artifacts, identified risks, and required remediation actions for development teams. Ensure findings are incorporated before release.
Impact:Reduces latecycle rework, prevents designlevel security gaps, and embeds security as a natural part of the product development lifecycle. Improves release confidence and accelerates secure deployment across the SaaS platform.
How:Create templates, facilitate threatmodel discussions (e.g., STRIDE), review integration risks, track remediation items, collaborate with engineering leads, and maintain documented review outcomes in shared repositories.
OBJECTIVE 4: Drive Measurable Maturity Improvements Aligned to NIST CSF 2.0 (First 12 Months)
Outcome:Deliver measurable improvements across NIST CSF functions through documented workflows, baseline control assessments, performance metrics, and quarterly KPI reporting. Create repeatable processes and auditready artifacts across Identify, Protect, Detect, Respond, and Recover.
Impact:Strengthens the formal structure and reliability of the security program, reduces operational and compliance risk, and enhances readiness for SOC 2 and ISO 27001 by demonstrating consistent, evidencebased maturity growth.
How:Assess current control gaps, standardize repeatable workflows, document runbooks and procedures, collaborate with engineering and compliance, automate where practical, and present quarterly maturity dashboards.
OBJECTIVE 5: Strengthen CrossFunctional Collaboration Across Dev, CloudOps, IT & Compliance (First 6-9 Months)
Outcome:Implement recurring crossteam security syncs, remediation checkpoints, and shared KPI dashboards. Drive measurable improvements in SLA adherence, cloud misconfiguration reduction, recurringvulnerability prevention, and overall operational alignment.
Impact:Builds unified, organizationwide ownership of security responsibilities, accelerates remediation cycles, and reduces risk introduced by siloed decisions or inconsistent practices.
How:Establish communication cadences, run joint review sessions, align remediation expectations, publish shared dashboards, and deliver clear visibility to leadership on crossteam security performance.
QualificationsWHAT YOU BRING
PowerPlan is an EOE"
Applicant and Candidate Privacy Notice
Please note that this is a hybrid role that involves a combination of onsite work from our corporate office as well as work from home. While we strive to accommodate flexible working arrangements when sensible, there will be times when onsite work is required. This could include scheduled office days, team meetings, client meetings, or special events.
Employment Type: OTHERSourced by ZipRecruiter
Software development
201 - 500 Employees
Atlanta, GA, US
1994