We have an opportunity for a Penetration Tester working with a large line of business that is currently supporting enterprise application security. We are seeking energetic, talented individuals who have a desire to help transform customer requirements supporting the mission-critical security services.
The Penetration Tester responsibilities will include:
Conduct platform or operating system vulnerability scans to assess exposure of systems to attacks or hacking. Respond to questions regarding viral activity, concerns about spam/phishing, etc. Produce reports.
Design, plan and implement test strategies to support the core infrastructure in the contingency environment for all critical business applications to ensure business continuity in the event of a major business interruption or disaster.
Lead projects as related to technology refresh/evaluation such as Load Balancing and SSL technology. Research corrective measures (long term solutions) needed for any chronic issues identified that compromise security of particular systems or platforms.
Serve as technical lead or project lead in projects involving testing defenses against hacking, denial of service, spam, break-ins, or related attacks. Provide technical guidance to less senior staff or applications developers/systems administrators.
Proactively research emerging cyber threats. Apply analytical understanding of hacker methodologies and tactics, system vulnerabilities and key indicators of attacks and exploits.
Perform network traffic analysis utilizing raw packet data, net flow, IDS, and custom sensor output as it pertains to the cyber security of communications networks.
Demonstrable knowledge of Application security, risk assessment, validation of security penetration/Dynamic test results, static code testing/scanning/analysis and vulnerability resolution
Demonstrable knowledge of secure coding practices and the ability to conduct security assessments and analysis of applications
Ability to identify security requirements for applications and services and to effectively communicate requirements to application development teams and application/business owners
Ability to review application source code for vulnerabilities, using both manual and automated code scanning techniques
Ability to identify and explain the risks associated with common application vulnerabilities, demonstrate exploitation, and recommend mitigation options
Ability to initiate and promote activities to foster Information Security awareness and education among application development
Information security and application security or application development experience
Ability to coordinate activity among multiple teams, both technical and non-technical
Strong verbal and written communications skills; comfortable briefing senior management
Strong interpersonal skills for developing relationships with individuals and teams across the enterprise
Strong understanding of fundamental Application Security concepts, including common types of attacks and exploitation techniques
Experience with various application security tools (to name a few: Burp, ZAP, Kali, WebInspect/AppScan, Dependency-Check, Fortify, Sonatype)
Solid understanding of common web and systems application vulnerabilities
Familiarity with key security concepts/frameworks such as OWASP, CVE, and CVSS
Familiarity with emerging applications security exploits and willingness to research them
Thorough understanding of application architecture and supporting components
Familiarity with AWS and containers is preferred but not required
Prior development background is preferred but not required
Familiarity with Mobile application security assessment preferred but not required
Familiarity with security automation preferred but not required