Job Description :
Role - Sr. SDET - Security Engineer
Location - Deerfield IL
Education and Experience
Bachelor''s degree and at least 5 years of experience in manually testing
web applications and enterprise penetration testing
Experience with scripting languages (e.g. perl, python, PHP, ruby) and
programming languages (e.g. JAVA, Objective C)
Ability to explain networking concepts (routing, ACL, load balancers,
SSL/TLS, TCP) in order to provide application architecture feedback to
clients
Background in web application development and/or code auditing strongly
preferred
Strong verbal & written communication skills
Passion for discovering and researching new vulnerabilities and
exploitation techniques
Vulnerability and threat management experience
Experience with various security tools and products (AppScan, Nessus,
Wireshark, Burp Suite, HP Web Inspect)
Good understanding of the components of a secure DLC/SDLC
Vulnerability analysis and application reversing skills
Understanding of cryptography principles
Job Description
Perform application and infrastructure penetration tests, as well as
physical security review and social engineering tests for clients
Perform security reviews of application designs, source code and
deployments as required; covering all types of applications (web
application, web services, thick client applications)
Review and define requirements for information security improvements
Work on improvements for provided security services, including the
continuous enhancement of existing testing methodologies, materials and
supporting assets
Conduct architecture security reviews, application testing, internal
vulnerability assessments and external penetration testing modeled after
real world attackers (i.e., exploit and pivot)
Conduct security architecture reviews of the full stack including
applications built on cloud and emerging technologies
Conduct manual application security testing and source code auditing for a
variety of technologies.
Provide clear and detailed risk assessment and remediation guidelines for
developers and business leaders
Other responsibilities include:
Security research on the latest best practices, trends, threats and
vulnerabilities, and technology frameworks
Documenting and disseminating security guidelines for common security
issues, remediation guidance, and security technology baselines
Develop tools and exploits to support application security review and/or
penetration testing