Drake Software

Application Security Penetration Tester

United States

3 days ago

Summary

Taxwell helps everyday Americans get every tax advantage they deserve by finding credits and deductions they never even knew existed. Our tax preparation software offers easy guidance and ensures your maximum tax refund. We strive to build a team of like-minded experts in both tax and technology who align with our brand purpose, are advocates for our customers and have a fresh, non-traditional approach to the tax industry.


We are seeking a skilled Application Security Penetration Tester to take the lead in assessing and reducing our external attack surface. In this hands-on role, you will conduct penetration testing, proactively identify vulnerabilities across AWS and Azure environments, and integrate security best practices across our systems and applications.


You’ll bring an offensive security mindset to application security and threat detection, with the ability to uncover vulnerabilities before adversaries do.


You will also stay up to date on cybersecurity best practices, open-source intelligence (OSINT) methodologies, and emerging attack surface management trends through continuous professional development and training.


Key Responsibilities:


Attack Surface Management

  • Continuously discover, catalog, and assess assets across cloud infrastructure, applications, and third-party services.
  • Analyze and prioritize risks based on potential business impact.
  • Collaborate with engineering, DevOps, and product teams to remediate findings and drive secure-by-design initiatives.
  • Optimize ASM tooling and processes to enhance detection and response capabilities.

Offensive Security & Vulnerability Assessment

  • Perform penetration testing on applications, APIs, cloud services (AWS/Azure), and infrastructure.
  • Use offensive techniques to identify vulnerabilities in both internal and external systems.
  • Leverage OSINT and threat intelligence to uncover and validate potential exposures.
  • Apply CWE, SANS 25, and OWASP Top 10 frameworks to prioritize risks.

Security Operations & Collaboration

  • Partner with product development and GRC teams to integrate security into the SDLC.
  • Support incident response efforts by contributing to investigations and mitigation strategies.
  • Deliver clear, actionable reporting on vulnerabilities and exposures to both technical and non-technical stakeholders.
  • Ensure alignment with industry regulations and standards (GLBA, FTC, NIST, etc.).
  • Conduct internal security awareness training and promote secure coding practices.


Required Qualifications:

  • 3+ years of experience in attack surface management or application security.
  • At least 2 years of hands-on experience with AWS and Azure security controls.
  • Strong knowledge of application security, secure development, and vulnerability management.
  • Practical experience with penetration testing tools (e.g., Burp Suite, Nmap, Shodan, Censys).
  • Familiarity with threat modeling and risk-based prioritization.
  • Excellent communication skills with experience presenting findings to varied audiences.


Preferred Qualifications:

  • 1+ years of experience in ethical hacking or offensive security roles.
  • Experience with server, application, and network security hardening.
  • Background in secure coding and software development processes.
  • Industry certifications such as OSCP, GPEN, GWAPT, GWEB, PenTest+, or cloud security credentials.

At Taxwell, we believe our work benefits from the diverse perspectives of our employees. As such, Taxwell welcomes and celebrates diversity and inclusion and is committed to equal opportunity employment. At Taxwell, you can expect a supportive, open, and inclusive atmosphere and a team that values your contributions.


Taxwell is committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants without regard to race, color, religion, sex, national origin, age, disability, marital status, sexual orientation, gender identity, veteran status, and any other status protected under applicable law. Taxwell considers information gathered in the hiring process, including information on this application, confidential, and only shares it on a need-to-know basis or as required by law.

If you need assistance or accommodation due to a disability, you may contact us at [email protected] or by calling 828-349-5703 extension 6049 to speak with a member of the HR Talent Acquisition team.
