Sr SDET-Security_WB

Role:
  • Perform application and infrastructure penetration tests, as well as physical security review and social engineering tests for clients
  • Perform security reviews of application designs, source code and deployments as required; covering all types of applications (web application, web services,  thick client applications)
  • Review and define requirements for information security improvements
  • Work on improvements for provided security services, including the continuous enhancement of existing testing methodologies, materials and supporting assets
  • Conduct architecture security reviews, application testing, internal vulnerability assessments and external penetration testing modeled after real world attackers (i.e., exploit and pivot)
  • Conduct security architecture reviews of the full stack including applications built on cloud and emerging technologies
  • Conduct manual application security testing and source code auditing for a variety of technologies.
  • Provide clear and detailed risk assessment and remediation guidelines for developers and business leaders
  • Other responsibilities include:
  • Security research on the latest best practices, trends, threats and vulnerabilities, and technology frameworks
  • Documenting and disseminating security guidelines for common security issues, remediation guidance, and security technology baselines
  • Develop tools and exploits to support application security review and/or penetration testing.

Required:
  • ​Bachelor's degree and at least 8+ years of experience in testing web applications and enterprise penetration testing.
  • Experience with scripting languages (e.g. perl, python, PHP, ruby) and programming languages (e.g. JAVA, Objective C).
  • Ability to explain networking concepts (routing, ACL, load balancers, SSL/TLS, TCP) in order to provide application architecture feedback to clients.
  • Background in web application development and/or code auditing strongly preferred.
  • Strong verbal & written communication skills.
  • Passion for discovering and researching new vulnerabilities and exploitation techniquesVulnerability and threat management experience.
Experience with various security tools and products (AppScan, Nessus, Wireshark, Burp Suite, HP Web Inspect)
  • Good understanding of the components of a secure DLC/SDLC
  • Vulnerability analysis and application reversing skills
  • Understanding of cryptography principles


Remind me to apply later

Want to apply later?

Type your email address below to receive a reminder

ErrorRequired field

Apply to Job

ErrorRequired field
ErrorRequired field
ErrorRequired field
Error
Error
insert_drive_file
insert_drive_file