Job Description :
RESPONSIBILITIES
Supports the company''s commitment to protect the integrity and confidentiality of systems and data.
Owns remediation of vulnerabilities and potential issues found during penetration tests.
Performs expert assessments and works with Security Architects and Security Engineers to identify complex vulnerabilities and own remediation.
Efficiently owns, performs and delivers security assessment reports and penetration tests, and oversees the remediation of all findings and recommendations.
Performs static source code vulnerability analysis reports for developed applications as directed as well as dynamic source code vulnerability analysis.
Drives discovery of new vulnerability exploitation techniques.
Performs expert threat modeling to identify all possible attack vectors.
Collaborates with stakeholders to create remediation strategies that will help improve their security posture
KEYS KILLS
Experience working with information security frameworks (SANS, NIST
Strong experience with SAST, DAST, and IAST tools.
Expert knowledge of Open Web Application Security Project (OWASP) Top 10 Vulnerabilities, testing procedures, and remediation recommendations.
Programming experience in one or more of the following languages: Ruby, Python, Perl, C, C++, Java, and C
Expert knowledge of penetration test and assessment procedures, as well as expert knowledge of remediation best practices.
Strong experience in vulnerability management and remediation processes.
Ability to communicate technically with IT and information security experts, but also effectively translate issues and risks into clear and understandable business language.
Good interpersonal/relationship management skills, able to foster working relationships within the team, across Information Security and with business colleagues.
Strong Knowledge of business and Information Security practices and trends.
Expert knowledge of TCPIP, networking, web applications, databases, mobile, and cloud applications.
Develops new and custom techniques for various types of security assessments and penetration tests.
Proven ability to research recommend and document repeatable defense.
KEY QUALIFICATIONS
Bachelor''s degree in Computer Science, Computer Information Systems, Information Security, Engineering, Math or Physical Science, or related field.
Minimum of two years mobile application penetration testing experience
Advanced knowledge of mobile application testing techniques, software, protocols and the ability to bypass common mobile application security controls
Expert level understanding of offensive and defensive security, including offensive evasion and defensive detection techniques.
of 4 years of general security penetration test experience and at least 3 years of general IT or information security experience.
Desirable Certifications
CEH, AWS Certified SysOps Administrator, CAP, SSCP, GSEC, GCIH, GCIA, GPEN, GCED, GSNA, GSIP, GCFA, GCFE.