Kforce's client in the wireless telecommunications space is facing increasing threats of fraudulent activity, particularly via their mobile and web platforms. We are seeking a seasoned Security Engineer who will take a lead role in securing customer-facing front-end applications and backend APIs. This role is deeply embedded in the SDLC, with the expectation that security is considered from requirements gathering through to launch. The ideal candidate will bring strong expertise in ethical hacking, information and network security, and automated testing - with a hacker's mindset to preempt and eliminate vulnerabilities. Key Responsibilities: * Security by Design: Integrate security at every stage of the SDLC, from requirements to deployment across web, mobile, and backend services * Application & API Testing: Conduct security testing on customer-facing web and mobile applications and backend GraphQL APIs * Threat Modeling & Gap Analysis: Identify weaknesses in business logic, process design, or code that could enable fraud; Suggest and document mitigation strategies * Fraud Prevention: Validate fraud scenarios end-to-end, leveraging deep wireless cellular knowledge (SIM swap/device swap issues) * Security Automation: Build and run automated BDD test suites to detect anomalies and validate system behavior. Preferably using tools like Karate * Hacker's Mindset: Think from an attacker's perspective to uncover potential abuse cases and identify manipulated API threads * Cross-Functional Collaboration: Partner with data platform teams and front-end developers to create secure integration contracts * Simulation & Monitoring: Simulate social engineering attacks to test for human-factor vulnerabilities. Monitor secure data flow and activity * Governance & Standards: Develop security policies, standards, and best practices; Provide internal guidance and training on evolving threats and compliance