- This role may perform any or all of the following: conducts vulnerability assessments; carries out penetration tests, performs social engineering tests; analyzes technical security weaknesses; performs risk analyses; and develops exploits.
- Researches and maintains proficiency in tools, techniques, countermeasures, and trends in computer and network vulnerabilities, data hiding and encryption.
- Develop tools, techniques, training and countermeasures for computer and network vulnerabilities, data hiding and encryption.
- Application security architecture - Provide development teams guidance and formal security requirements as part of the SDLC process.
- Perform audit related activities as required.
Job Requirements :
- Minimum of 6 years of general work experience and 3 years of relevant experience in functional responsibility.
- Bachelor’s Degree, or an equivalent combination of formal education, experience.
- Must have a strong technical background and understand system architecture and design, operating systems, network infrastructure, software installation on test platforms, software development, database and operating systems.
- Security, Software Development, Networking, and/or Systems Administrator Experience
- Deep understanding of 3-tiered Web Application Architecture
- Manual Penetration Testing Experience (i.e. mapping applications, injecting SQLi, XSS, exploit creation)
- Must have Commercial Web Application Tool Experience (i.e. Burp, AppSpider, AppScan, WebInspect)
- Network Penetration Testing Tool Experience (i.e. Nmap, Nessus, Wireshark, Metasploit, Hydra)
- Exceptional communication skills, with the ability to explain the technical details of OWASP Top 10 and other vulnerabilities with C-levels to developers in a large professional environment
- Experienced with Oracle, Windows and SQL.
- Web Services Security Penetration Testing Experience
- Database Experience (DBA or security penetration testing)
- Software Development and/or Scripting Experience in .NET, C++, Java, C#, perl, python or bash
- Source Code Review (aka Static Analysis) Experience
- Excellent technical writing skills and attention to detail