Job Description :
Sr. Security Engineer - in Bellevue, WA
6 month contract
Phone/SKYPE interview
Solid hands-on application penetration/security testing. Can break into applications and find security flaws in the applications web, API, and mobile
Are you passionate and want to work for a kick-ass Application Security Team? You found your dream gig!! We are crazy engineers approaching application security in an UnCarrier style. Of course, what else would you expect we are #Magenta.
As a member of the Application Security team, you perform hands-on security assessments on the web, mobile, and console applications; working closely with technology and business partners across the company. As Application Security Engineer you are responsible to ensure that both internally developed applications and third-party vendor applications are implemented in a manner that assures the highest security protections. You are always tasked to stay ahead of the bad-actors at all times.!! The expectation for this role is purely hands-on and be able to identify and demonstrate the exploitation of the vulnerabilities in code and in run-time applications.
Primary Responsibilities:
Performs static/dynamic code testing, manual code review, threat modeling, and penetration testing of internal web applications and external partner applications to identify vulnerabilities and security defects.
Supports the implementation and enforcement of secure design principles according to policies, standards, and patterns of Information Security.
Work closely with feature teams early on in the design phase to ensure systems are built securely.
Must be very well versed with OWASP Top 10 vulnerabilities and must demonstrate to exploit such vulnerabilities in mobile, web and console applications
Expertise in performing penetration testing on mobile, web, API’s, Web Services is a MUST.
Develop and implement manual and automated web application security testing of web applications to enforce security standards.
Required Qualifications:
Must be able to communicate at all levels in the organizations and when required you also need to act as a technical document writer.
Must be familiar with the below Toolsets:
Fortify SCA (Expertise: Advanced)
Fortify Web Inspect (Expertise: Advanced)
Nessus
Nmap
Veracode
Burp Suite
ZED attack proxy
SCAP
Threat Modeling (e.g. STRIDE)
Must have at least 7+ years of experience in Application Security.
Preferred Qualifications:
Looking for a solid hands-on application penetration/security testers who can break into applications and find security flaws in the applications web, API, and mobile.