Your Future. Secured. ISC2 is a force for good. As the world’s leading nonprofit member organization for cybersecurity professionals, our core values — Integrity, Advocacy, Commitment, Diversity, Equity & Inclusion and Excellence — drive everything we do in support of our vision of a safe and secure cyber world. Our globally recognized, award-winning portfolio of certifications provide an independent and globally recognized endorsement of cybersecurity knowledge, skills and experience for all career levels. Our charitable arm, the Center for Cyber Safety and Education, enables ISC2 and our members to serve the public by educating the most vulnerable about cyber risks and empowering access to enter and thrive in the cyber profession. Learn more at ISC2 online and connect with us on Twitter, Facebook and LinkedIn. When you join ISC2, you’ll demonstrate your commitment to an inclusive and equitable environment. Your support of the unique perspectives and experiences shared by our global cybersecurity workforce and profession will be recognized. We invite you to take an active role in helping us create a true sense of belonging across our organization — an environment of authenticity, trust, empowerment and connectedness that empowers all of our successes. Learn more.

The Web, E-Commerce & Testing Automation Engineer will work closely with developers, security analysts, and IT teams to proactively detect and mitigate security risks. They will design and implement automated testing frameworks, streamline security assessments, and ensure that our digital platforms meet the highest security standards. This incumbent will be responsible for enhancing the security and resilience of our web and e-commerce platforms by developing and automating penetration testing processes.

• Conduct automated and manual penetration tests on web and e-commerce applications to identify vulnerabilities and security risks. 
• Develop and implement automated testing frameworks and scripts to streamline the penetration testing process. 
• Perform performance load tests and maintain performance baselines using various tools.
• Collaborate with development and operations teams to remediate identified security issues. 
• Monitor and analyze security alerts and logs to detect potential threats or breaches. 
• Stay current with industry trends, emerging threats, and best practices in web and e-commerce security. 
• Document and report findings, providing detailed recommendations for improving security posture. 
• Conduct security assessments and audits to ensure compliance with relevant standards and regulations. 
• Support an inclusive culture that encourages, supports and celebrates diversity, equity, and inclusion; serve as a role model to promote DEI best practices.
• Perform miscellaneous duties as assigned.

• Proficiency in scripting languages such as Python, Ruby, or JavaScript.
• Familiarity with tools and frameworks such as OWASP ZAP, Burp Suite, Selenium, and Jenkins.
• Strong understanding of web application architecture, e-commerce platforms, and common vulnerabilities (e.g., XSS, CSRF, SQL injection).
• Knowledge of DevSecOps practices and integration of security into CI/CD pipelines preferred. 
• Understanding of regulatory requirements such as GDPR, PCI-DSS, and HIPAA preferred. 
• Excellent analytical and problem-solving skills.
• Effective communication skills, with the ability to explain technical concepts to non-technical stakeholders.

• Bachelor's degree in computer science, Information Technology, Cybersecurity, or a related field.
• At least 2 years of experience in web and e-commerce security, with a focus on penetration testing and automation.
• Experience with security assessment methodologies and tools.
• Experience with cloud security, particularly AWS or Azure preferred.
• Experience with automation tools and Burp Suite is a plus. 
• Relevant certifications such as CEH, OSCP, CISSP, or similar are a plus. 

• Up to 5% travel may be required.
• Work normal business hours and extended hours when necessary.
• Remain in a stationary position, often standing or sitting, for prolonged periods.
• Regular use of office equipment in a remote environment such as a computer/laptop and monitor computer screens.
• Dexterity of hands and fingers to operate a computer keyboard, mouse, and other computer components.

All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic as protected by applicable law. Job candidates will not be obligated to disclose sealed or expunged records of conviction or arrest as part of the hiring process.