Cyber security

HiHope you are doing well Client: IBMLocation: Remote The Senior Security Controls Verification Specialist is responsible for assisting the Lead for the Security Controls Verification team in helping to define the strategic approaches used by the team to support how we develop our differing approaches to the methodologies used for security & risk controls requirements validations and automated testing. This role will assist in helping to perform hands-on penetration testing and security testing against applications, networks, and wireless environments. This role is a senior practitioner with extensive experience in security testing and will also involve helping the creation of scripts and automated security tests. The ideal candidate is passionate about breaking into any system or application, consistently working to improve the security of the products tested during engagements. Responsibilities:- Perform offensive security testing of applications, both manual and automated.- Perform network security testing for networks, infrastructure, and servers.- Guides the strategy, approach and development of robust security & risk controls verification techniques and capabilities, which will be aligned to our controls requirements frameworks and objectives defined by the Security & Threat Solutions Strategy team.- Provide remediation guidance to the impacted solution or network owners.- Support the risk assessment processes by weighing in as technical security SMEs. Qualifications:- 5+ years of experience penetration testing applications- 3+ years penetration testing networks- Strong capabilities in identifying and exploiting web vulnerabilities, especially the OWASP top 10- Scripting experience in Bash, Java, .Net, Python or Ruby- Experience finding vulnerabilities in both off-the-shelf and open-source components- Experience testing web applications & thick applications- Strong understanding of network protocols, routing, firewalls, and network security technologies.- Experience in exploitation, Firewall bypasses, antivirus evasion- Ability to communicate with stakeholders at multiple levels, including remediation for vulnerabilities identified.- Ability to write clear reports on solutions or networks tested- Secure code review experience is preferred- OSCP/OSWE preferred- Experience with secure development and security features required by cloud infrastructure is preferred- Clear understanding of the challenges offered by information security, privacy, and compliance- Strong working knowledge of structured security guidelines Generic Skills:- Demonstrates excellent organizational direction, time management, problem-solving, prioritization, goal setting, leadership, motivation, negotiation, and interpersonal relations- Works well under pressure and within time/budget constraints to solve problems or meet objectives - Strong analytical/problem-solving skills and cross-functional knowledge across multiple IT operational and security disciplines - Must possess a high degree of integrity, be trustworthy, and have the ability to lead and inspire change