Job Description
This team specializes in conducting deep-dive vulnerability assessments on a variety of applications (Web, Mobile, Thick Client, and APIs) by manually identifying, researching, validating, and exploiting various known and unknown application security vulnerabilities. Core responsibilities include:
Act as a subject matter expert in offensive information security performing white-box application reviews, programming, networking, operating systems, and databases.
Drive remediation by outlining a defense-in-depth approach to business stakeholders and providing strategic solutions to developers on effective security controls and counter measures.
Have strong technical writing and presentation skills to report and articulate the vulnerability assessment results to any audience.
Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement and automation.
Must have or be willing to obtain Industry-accredited security certifications such as: GIAC GWAPT, GPEN, OSCP, OSWE, CISSP, GSSP-Java, and/or GSSP-.NET
An ideal candidate will have both a development and security background. However, irrespective of your current role, if you have a Bachelors Degree with a minimum of 5 years of experience and meet most of the above listed requirements, then don't miss this opportunity to join our growing team of expert ethical hackers. If your background is enterprise software development with expertise in technologies such as: Java/J2EE (Spring, Struts, AngularJS), .NET (ASP.NET, C#, Webflow, MVC, WebAPI), Application Infrastructure (Web/Application Servers, Databases, Middleware Components), and exciting new frontiers like Cloud Computing (Google Cloud Platform, AWS, Azure) running Microservices Architecture based applications on containers, then our application penetration testing team is the right place for you! If your background is penetration testing with expertise in application security such as: hands-on ethical hacking using security tools (Burp Suite, AppScan), knowledge of OWASP Top 10, CWE/SANS Top 25, Threat Modeling, understanding application architecture, design and functionalities with an interest in performing code reviews, then our application penetration testing team is the right place for you!
Required Skills & Experience
At least 5 years of experience in security or development
working knowledge of security tools suck as BurpSuite Proxy, AppScan, WebInspect, CheckMarx, BlackDuck, Nessus, NMAP
Knowledge of OWASP Top 10 and CWE/SANS Top 25
Nice to Have Skills & Experience
Masters Degree
Previous experience working with banking applications
Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.