Vacancy expired!
Description
Position at Clear Capital As a Security Engineer specializing in application security testing, you will perform authorized dynamic and static application security tests on web applications, mobile applications, microservices, and open source code in order to expose weaknesses in their design open to exploitation. At the direction of the Offensive Security Team Lead, you will plan and conduct application security testing engagements on internal and external web applications, mobile applications, microservices, open source code, APIs, and web services.Primary Duties and Responsibilities As an application security tester, you'll understand complex computer systems and technical cyber security concepts. You'll need to:- Work with internal teams to determine testing activities, for example the number and type of applications in scope for testing
- Plan and carry out application security testing in all phases of the software development life cycle
- Carry out testing to expose weakness in application security and secure coding practices
- Create reports and recommendations from your findings, including the security issues uncovered and level of risk
- Identify problems, you may also provide advice on how to minimize risks and provide advice on methods to fix or lower security risks to systems
- Present your findings, risk and conclusions to stakeholders
- Consider the impact your testing will have on the business and its users
- Understand and effectively communicate how the flaws you identify can affect the business, or business function, if they're not fixed
- Computer Science
- Computing and Information Systems
- Cybersecurity
- If your degree is in an unrelated subject, in-depth knowledge of computer operating systems with demonstrable skills in compromising computer systems is required
- Any of the following certifications are highly desired:
- EC-Council Certified Application Security Engineer (CASE)
- GIAC Certified Web Application Defender (GWEB)
- (ISC)2 Certified Secure Software Lifecycle Professional (CSSLP)
- Verifiable experience with:
- Dynamic Application Security Testing (DAST)
- Static Application Security Testing (SAST)
- Open Source Security (OSS) testing
- Experience testing web applications for OWASP Top Ten security vulnerabilities.
- A thorough understanding of the Software Development Life Cycle (SDLC)
- An In depth understanding of computer systems and their operation
- Excellent spoken and written communication to explain your methods to a technical and non-technical audience
- Attention to detail, to be able to plan and execute tests while considering requirements
- The ability to think creatively and strategically to penetrate security systems
- Good time management and organizational skills to meet deadlines
- Ethical integrity to be trusted with a high level of confidential information
- Teamwork skills, to support colleagues and share techniques
- Exceptional analytical and problem-solving skills and the persistence to apply different techniques to get the job done
- Business skills to understand the implications of any weaknesses you find
- Commitment to continuously update your technical knowledge base
- SAST (VeraCode, Checkmarx, or Fortify on Demand)
- DAST (Rapid7 - Insight AppSec, Qualys WAS, Acunetix, Appscan, or WebInspect)
- OSS (Blackduck, Snyk, or SonaType)
- Interactive Application Security Testing (Contrast.io, Seeker, or any IAST tool)
- Burp Suite
- OWASP ZAP
- Jira
- Jenkins
- Bitbucket
Vacancy expired!