Pen Tester (DAST)

Responsibilities include:
  • Conduct dynamic application security testing using both manual and automated testing tools
  • Review test results from tools 
  • Ensure that automated tests are completed successfully 
  • Configure tools as required to be successful in evaluating applications 
  • Identify and remove any false positives from automated testing tool reports 
  • Triage and disposition results, and enforce a Bug Bar
  • Verify/validate defect fixes 
  • Provide application security consulting and SME support to developers
  • Assist developers with understanding of security defects and risk 
  • Assist in defining acceptable solutions to fix defects
  • Communicate security risk to ISCs and ORCs to document security issues and controls for security planning purposes
  • Help maintain Security Coding Standards and Bug Bar as required 
  • Assist in the development of standards as required
  • Provide training 
  • Stay up to speed on 3rd party (inside and outside client) known security vulnerabilities 
  • Develop and review malicious use cases/threat models 
  • Maintain a broad understanding of security technologies and products 
  • Actively participate in improving the security culture and education throughout the organization

Qualifications include:
  • 3+ years of experience in security applications and systems
  • 3+ years of DAST (Dynamic Application Security Testing) experience 
  • Minimum of 5 years of demonstrated experience with automated penetration tools 
  • Minimum of 5 years of demonstrated experience with manual penetration testing tools 
  • Demonstrated experience creating and communicating reports on web application vulnerabilities to various levels of personnel within a large organization
  • Advanced Information Security technical skills 
  • Ability to manage complex issues and develop solutions 
  • Excellent verbal and written communication skills 
  • Knowledge and understanding of application or software security such as: web application penetration testing, secure code review, secure static code analysis 
  • Knowledge and understanding of banking or financial services industry 
  • Experience working in a large enterprise environment 
  • Strong analytical skills with high attention to detail and accuracy 
  • Knowledge and understanding of information security industry standards and government regulations 
  • Ability to manage multiple and competing priorities 
  • Ability to work with limited supervision 
  • Ability to take on a high level of responsibility, initiative, and accountability 
  • Good attention to detail and accuracy skills 
  • Strong collaboration and partnering skills 
  • Ability to work weekends and holidays as needed or scheduled
  • Demonstrated experience developing and reviewing malicious use cases/threat models 
