Join Our Mission: To Save the World from Unsafe Mobile Apps! NowSecure is the mobile app security software company trusted by the world’s most demanding organizations and most advanced security teams. As the standards-based mobile app risk management company, NowSecure protects the Mobile App Economy. The world’s most demanding organizations, innovative mobile developers and advanced security, privacy, safety and compliance teams entrust NowSecure to safeguard millions of mobile app users across banking, insurance, high tech, IoT, retail, hospitality, energy and government sectors. Only NowSecure delivers continuous security and compliance with the depth, speed, accuracy, and efficiency to meet modern business demands. Dedicated to the open-source community and standards including OWASP,and NIAP, NowSecure is SOC 2 certified and recognized by IDC, Deloitte, Gartner and TAG Cyber.www.nowsecure.com YOUR OPPORTUNITY We’re looking for a Senior Application Security Analyst — a hands-on pentester who thrives on technical challenges, thinks creatively under pressure, and has an insatiable curiosity for how things work (and how they break). If you’re the kind of person who spins up a quick Python script to automate a test, roots a phone just to see what’s inside, or finds joy in reverse engineering an app at 2 AM — you’ll fit right in. In this role, you’ll hunt vulnerabilities, dissect mobile apps and APIs, and collaborate with a team of world-class testers who live and breathe offensive security. You’ll also help evolve our methodologies, develop new tooling, and contribute to NowSecure’s cutting-edge research across mobile, web, and connected systems. WHAT YOU’LL DO - Perform hands-on penetration testing of mobile apps (iOS/Android), APIs, web apps and connected ecosystems (IoT, automotive, medical, wearable). - Conduct vulnerability assessments and reverse engineering using tools like Burp Suite, Frida, mitmproxy, Ghidra, Radare2, IDA, or custom scripts. - Create clear, actionable technical reports that communicate findings and remediation guidance to both developers and security teams. - Act as a trusted advisor to customers, helping them make informed, risk-based decisions about their mobile and app security posture - Build or adapt custom scripts, fuzzers, or automation tools to make testing faster, smarter, and more reliable. - Collaborate with teammates to refine methodologies, share research, and continuously push the boundaries of mobile and web security testing. - Tackle complex problems with creativity; when something doesn’t work, figure out another way. “Scrappy” is a skill set here, not a slogan. WHO YOU ARE You’re a technical problem-solver who thrives on exploration and experimentation. You’re comfortable diving into unfamiliar codebases, debugging network traffic, and learning new tools on the fly. You’re not a button pusher; you’re the kind of tester who asks why something works (or doesn’t) and can pivot quickly when the usual tools fall short. You can translate technical detail into clear communication and enjoy mentoring or collaborating with others. You take ownership, seek out challenges, and are never satisfied with “good enough.” REQUIREMENTS (You must have … ) - Bachelor’s degree in a technical field or 6–8 years of equivalent security experience. - 2+ years of experience in penetration testing or vulnerability assessment of mobile, web, or IoT apps/devices. - Deep understanding of OWASP MASVS / MASTG and app security fundamentals. - Strong experience with intercepting and analyzing traffic using tools like Burp Suite, mitmproxy, ZAP, Charles, or Fiddler. - Proficiency in mobile device rooting/jailbreaking and familiarity with iOS and Android internals, or equivalent hands-on experience in web application penetration testing or firmware reverse engineering. - Strong scripting or development experience (e.g., Python, Java, JavaScript, Ruby, or PowerShell). - Solid grasp of network and web fundamentals — TCP/UDP, HTTP requests, headers, cookies, APIs, and authentication flows. - Excellent technical writing and documentation skills. - Comfort working with Linux, Windows, and macOS environments. - A self-starter mindset - able to work independently, manage multiple projects, and find creative solutions to tough problems. - A demonstrated drive to learn, experiment, and stay on the cutting edge of mobile and appsec trends. DESIRED SKILLS (Stand out from the crowd…) - Familiarity with DAST/SAST tools, mobile instrumentation (e.g., Frida), and dynamic analysis. - Professional services or consulting experience. - Prior security research or exploit development experience. - Knowledge of system/network security, authentication, and applied cryptography. - Familiarity with Frida, Binary Ninja, Radare2, or IDA Pro. - Experience testing in AWS, Azure, or GCP environments. - Contributions to open-source security projects or published research. - Past public speaking experience (conferences, podcasts, etc) - One or more active certifications such as: - Infosec Certified Mobile and Web Application Penetration Tester (CMWAPT) - Offensive Security Web Expert (OSWE) - Offensive Security Certified Professional (OSCP) - GIAC Certified Penetration Tester (GPEN) - GIAC Certified Web Application Defender (GWEB) - GIAC Web Application Penetration Tester (GWAPT) - INE Web Application Penetration Tester eXtreme (eWPTX) - GIAC Mobile Device Security Analyst (GMOB) - 8kSec Certified Mobile Security Engineer (CMSE) - INE Mobile Application Penetration Tester (eMAPT) - TCM-SEC Mobile Application Penetration Testing BONUS POINTS (You have our attention…) - Experience with LTE / GSM protocols or 5G network analysis. - Prior experience using NowSecure tools. - Master’s degree in Computer Science, Cybersecurity, or related field. WE VALUE DIVERSITY We believe that the best ideas come from teams where diverse points of view uncover new solutions to hard problems. We welcome and value team members who bring diverse life experiences, educational backgrounds, cultures, and work experiences. COMPENSATION & BENEFITS - The salary band for this position ranges is competitive and commensurate with experience and performance. This position will be eligible for a competitive annual bonus and equity package. - Comprehensive Medical/Dental/Vision coverage - 401K Plan + Company Match - Remote work flexibility - Home Office Stipend - Paid Parental Leave - Flexible PTO

• Collaborate with the engineering departments to implement security controls from approved security frameworks and drive best IT practices. • Interface with internal partner teams to help drive best practices and compliance. • Evaluate and perform Risk Assessments of new software solutions with internal partners. • Drive deployment of new systems/solutions as needed. • Write procedure documentation for end users as needed to facilitate process improvement. • Help develop IT security training content and drive completion of required security training in collaboration with Human Resources. • Respond to complex security questionnaires, RFP/RFI requests, and client audits. • Facilitate end-to-end evidence gathering for external audits, ensuring all technical and administrative artifacts align strictly with security control requirements and regulatory frameworks. • Evaluate, identify, and remediate the risks associated with current vendors, new vendor acquisitions, and consumer data exchanges. • Perform risk oversight tasks of vendor security compliance. • Help run internal, external and vendor related audits. • Conduct security analysis of deployed software. • Monitor for risks to the enterprise and to implemented controls. • Identify, maintain, and publish the requirements for the IT department to achieve compliance and privacy standards in SOC 2, HITRUST, FedRAMP, and other frameworks. • Work with the internal team in communicating related security notifications and IT controls within the organization while collaborating with teams and vendors on changes, remediations, and updates. • Experience with incident management Drive use cases to enable threat detection and hunting based on threat intelligence frameworks. • Experience with Agile and/or Kanban with emphasis on Scrum to drive continuous process improvement. • Perform Access Reviews.

Role Description Du analysierst und bekämpfst Cyber-Security-Angriffe und trägst maßgeblich zur Absicherung komplexer IT-Landschaften bei. - Du identifizierst, bewertest und priorisierst Sicherheitsereignisse und leitest daraus gezielte Maßnahmen ab. - Du untersuchst neue Angriffstechniken und entwickelst gemeinsam mit dem Team wirksame Abwehrstrategien. - Du verbesserst unsere Erkennungsmechanismen und optimierst unseren Service aktiv z.B. durch Automatisierungen und Incident Enrichment. - Du bist aktiv in der Kundenkommunikation und unterstützt unsere Kunden bei sicherheitsrelevanten Fragestellungen. - Du bist Teil der IT-Security-Community, behältst aktuelle Trends im Blick und bringst neue Impulse ins Team. Qualifications - Du hast bereits mindestens zwei Jahre aktiv in einem Security Operations Center oder BlueTeam Erfahrung gesammelt. - Du besitzt gute Kenntnisse im Bereich Endpoint Detection & Response und SIEM/SOAR Lösungen – Idealerweise im Microsoft Security Stack von Defender for Endpoint bis Microsoft Sentinel. - Du bleibst auch in angespannten Situationen gelassen und hilfst den Kunden schwierige Situationen durchzustehen. - Du arbeitest gerne im Team und bist nicht konfliktscheu. - Du gehst analytisch und strukturiert an neue Situationen heran und hast eine gute Auffassungsgabe. - Du bringst sehr gute Deutsch- und Englischkenntnisse in Wort und Schrift mit. Benefits - Ausstattung mit neuem, leistungsfähigem IT-Equipment inkl. Homeoffice-Equipment, Merchandise wie Rucksäcke/Laptoptaschen, Poloshirt und Funktionsjacke. - BAV, Berufsunfähigkeit, Gruppenunfallversicherung. - Betriebliches Gesundheitsmanagement (Jobrad, Coaching, benefit@work etc.). - 30 Tage und diverse Sondertage (z.B. Hochzeit, Geburt). - berufundfamilie zertifiziert, Kindergartenzuschuss. - Persönliche und berufliche Weiterentwicklung durch zahlreiche Personalentwicklungsformate (z.B. Mentoring, Collaboration Labs, Entwicklungspläne etc.). - Corporate Benefits & Pluxee-Card. Company Description Die Tätigkeit kann auch remote durchgeführt werden, idealerweise in der Nähe unserer Standorte, Nürnberg oder Köln. Die Tätigkeit ist unbefristet und in Vollzeit zu besetzen. Bei Proact leben wir #WinAsOne – denn wir sind überzeugt, dass Vielfalt, Chancengleichheit und eine respektvolle Zusammenarbeit die Grundlage für gemeinsamen Erfolg bilden. Daher begrüßen wir alle Bewerbungen, unabhängig von Herkunft, Geschlecht, Alter, Religion, Behinderung, sexueller Orientierung oder Geschlechtsidentität. Solltest du beim Bewerbungs- oder Interviewprozess Unterstützung benötigen, wende dich gerne an jobs@proact.de.

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description As a member of Premera’s Special Investigations Unit (SIU), the Investigator III leads complex investigations into allegations of external fraud, waste, and abuse (FWA). This role manages medium to high complexity cases from initiation through resolution, producing thorough, well-documented investigative reports that may be subject to legal discovery. The Investigator III conducts detailed analysis, collaborates closely with SIU colleagues, and balances multiple investigations simultaneously. In this role, you will also work to identify and recover improper payments resulting from fraudulent or misrepresentative billing, while ensuring all investigative activities comply with company policies, regulatory requirements, and applicable laws. - Analyze healthcare claim data and vet referrals to detect fraudulent activity and independently determine the most effective and efficient method of investigation for each individual case. - Perform investigative field work to include on-site office visits, record collection, and surveillance. - Interview suspects and witnesses. - Prepare cases, testify and give depositions to law enforcement and regulatory agencies for potential criminal prosecution. - Participate in settlement negotiations with attorneys and other responsible parties. - Perform root cause analysis of identified issues and prepare post-investigative reports directed towards the prevention of fraud. - Make recommendations for creating SIU policies, procedures, workflows and process improvements. - Develop and maintain collaborative and liaison relationships with Blue Cross Blue Shield Association (BCBSA), Blue Cross Blue Shield (BCBS) Plans, HHS OIG, other carriers' anti-fraud professionals, law enforcement and regulatory agencies. - May attend webinars and conferences like BCBSA, National Health Care Anti-Fraud Association (NHCAA), and Association of Certified Fraud Examiners (ACFE) to keep apprised of developments in health care fraud. Qualifications - Bachelor’s degree in business administration, health care administration, finance, accounting, nursing or criminal justice or (4) years of work experience in field of study. (Required) - (3) years of experience in fraud investigation, special investigation unit, or a related field. (Required) - Certified Professional Coder (CPC), Certified Fraud Examiner (CFE), or Accredited Health Care Fraud Investigator (AHFI). - Two (2) years of active experience in auditing and investigating in the healthcare industry. - Significant experience with relevant technology, such as background check systems, claims processing platforms, data mining, and fraud detection software. - Demonstrated knowledge of institutional and/or professional payment methodologies. - Strong understanding of health insurance reimbursement methodologies, including familiarity with International Classification of Diseases (ICD-10 CM), Current Procedural Terminology (CPT), and Healthcare Common Procedure Coding System (HCPCS). - Strong computer aptitude and experience with spreadsheet and database software, e.g., Excel, Access, Focus. - Demonstrated strong technical writing skills - ability to write reports and business correspondence and to prepare case files. - Ability to exercise a very high level of discretion when handling sensitive information. Benefits - Medical, vision, and dental coverage with low employee premiums. - Voluntary benefit offerings, including pet insurance for paw parents. - Life and disability insurance. - Retirement programs, including a 401K employer match and a pension plan that is vested after 3 years of service. - Wellness incentives with a wide range of mental well-being resources for you and your dependents, including counseling services, stress management programs, and mindfulness programs. - Generous paid time off to reenergize. - Tuition assistance for both undergraduate and graduate degrees. - Employee recognition program to celebrate anniversaries, team accomplishments, and more. - For our hybrid employees, our on-campus model provides flexibility to create your own routine with access to on-site resources, networking opportunities, and team engagement. - Commuter perks make your trip to work less impactful on the environment and your wallet. - Free convenient on-site parking. - Subsidized on-campus cafes make lunchtime connections with colleagues fun and affordable. - Participate in engaging on-site activities such as health and wellness events, coffee connects, disaster preparedness fairs and more. - Our complementary fitness & well-being center offers both in-person and virtual workouts and nutritional counseling. - Need a brain break? Challenge someone to a game of shuffleboard or ping pong while on campus.