Our client, a leading financial services company is hiring for an Engineer on a long term contract basis.
– Collaborate with software development, system engineering and security architect peers to continually improve the security posture of applications and ensure the proper implementation of the security controls.
– Innovate new application security testing methods and support team effort to leverage tools and develop effective process to automate the security test cases.
– Serves as a Subject Matter Expert (SME) in web application security for organizational projects during the application development phase.
– Provide guidance, support, testing and recommendations to ensure secure application release.
– Configure, run and monitor automated security testing tools
– Perform manual validation of vulnerabilities
– Perform manual penetration testing of Web applications, Mobile applications, Thick clients and APIs Thoroughly document exploit chain/proof of concept scenarios for internal client consumption
These skills will help you succeed in this role:
– A degree or certificate in management information systems, cyber security, mathematics, computer science or related field or 10+ years of relevant information security experience
– Experience in security testing web applications, API and mobile platforms manually.
– Familiarity with vulnerability assessment, remediation and penetration testing best practices
– Experience using Burp Suite and its extensions in penetration testing
– Development experience, working knowledge of Java. Excellent analytical and debugging skills.
– Excellent communication skills
Even Better If You Have
– Have or desire to obtain one or more security-related certifications such as Certified Information Systems Security Professional (CISSP), GIAC Penetration Tester (GPEN), GIAC Web Application Penetration Tester (GWAPT), GIAC Certified Incident Handler (GCEH), Offensive Security Certified Expert (OSCE), and Offensive Security Certified Professional (OSCP)
– Experience with Linux operating systems
– Experience with Mobile application programming
– Experience with Web application technologies Experience with Source code analysis software
– Experience with Cloud Security (Azure/AWS Security Controls)
– Experience with Scripting languages (preferably Python)Diversity Inclusion and Social Responsibility