Vacancy expired!
- Experience documenting app/system issues and presenting results to technical and non-technical management teams
- Experience with a combination of the following: C or C++/Java/Ruby/ASM/other languages, scripting languages (Bash, Perl, Python), web application testing/exploitation, database testing/exploitation (SQL, Oracle, MongoDB, Hadoop, etc.) and/or cloud instance testing/exploitation
- Bachelor's degree in computer science, information technology or a related field or equivalent experience
- Ability to utilize a wide variety of tools for looking for application issues, either from a quality assurance or testing perspective
- Working knowledge of common commercial and/or open-source penetration testing toolkits and techniques
- Understanding of how web applications work, development practices, etc.,
- Strong organizational skills and the ability to track multiple projects to completion
- Ability to maintain strict confidentiality
- Possess a high sense of urgency
- Impeccable organization and interpersonal communication skills
- Analytical thinking skills
- Ability to be thorough and detail-orientated
- Ability to look at all situations objectively; loves to challenge assumptions, and has an intense curiosity
- Ability to work independently without supervision
- Ability to work efficiently and accurately in a fast-paced environment
- Experience in an information security, software engineering, development or quality assurance role
- Experience in process scripting using Python
- Cloud-proficiency: Understanding of how to test against native services of cloud providers
- Knowledge of 1 or more web application languages (.Net, PHP, JavaScript, etc.)
- Knowledge of Burp Suite
- Understanding of the OWASP Top 10
- Knowledge/Experience in basic app building in large PaaS platforms, such as ServiceNow, Salesforce, Netsuite, etc.,
- GIAC, OSCP or other relevant information security certification
- Work with development teams to build and execute scan profiles of applications
- Build methods to automate basic assessments and results delivery to speed visibility for stakeholders
- Collaborate with information security penetration testers on penetration testing of applications, servers or infrastructure
- Identify additional preventative and detective controls to implement or consider
- Deliver results, as needed, to application owners, risk team, project coordinators and clients in a clear, consistent way, using multiple forms so that teams can immediately begin remediation with no ambiguity
- Aid in testing new technologies during proofs of concept to ensure that product claims and abilities meet the company's needs
- Take part in purple team exercises with other information security team members to increase visibility and preparedness and tweak existing controls
- Promote a risk-aware culture through promoting risk-appropriate practices and controls
- Keep up-to-date on new, emerging exploits/vulnerabilities and track against internal vulnerabilities
Vacancy expired!