Job Description :
Sr SDET Engr_Security (IRC54078)

Location – Deerfield IL, Mode – FTE Only

Job Responsibilities

Perform application and infrastructure penetration tests, as well as physical security review and social engineering tests for clients
Perform security reviews of application designs, source code and deployments as required; covering all types of applications (web application, web services, thick client applications)
Review and define requirements for information security improvements
Work on improvements for provided security services, including the continuous enhancement of existing testing methodologies, materials and supporting assets
Conduct architecture security reviews, application testing, internal vulnerability assessments and external penetration testing modeled after real world attackers (i.e., exploit and pivot)
Conduct security architecture reviews of the full stack including applications built on cloud and emerging technologies
Conduct manual application security testing and source code auditing for a variety of technologies.
Provide clear and detailed risk assessment and remediation guidelines for developers and business leaders
Other responsibilities include:
Security research on the latest best practices, trends, threats and vulnerabilities, and technology frameworks
Documenting and disseminating security guidelines for common security issues, remediation guidance, and security technology baselines
Develop tools and exploits to support application security review and/or penetration testing.

Required:
?Bachelor's degree and at least 8+ years of experience in testing web applications and enterprise penetration testing.
Experience with scripting languages (e.g. perl, python, PHP, ruby) and programming languages (e.g. JAVA, Objective C
Ability to explain networking concepts (routing, ACL, load balancers, SSL/TLS, TCP) in order to provide application architecture feedback to clients.
Background in web application development and/or code auditing strongly preferred.
Strong verbal & written communication skills.
Passion for discovering and researching new vulnerabilities and exploitation techniquesVulnerability and threat management experience.
Experience with various security tools and products (AppScan, Nessus, Wireshark, Burp Suite, HP Web Inspect)
Good understanding of the components of a secure DLC/SDLC
Vulnerability analysis and application reversing skills
Understanding of cryptography principles

Client : Understanding of cryptography principles