PEN TESTER

Responsibilities

• Conduct black box, white box security and penetration testing to assess and validate application security
• Perform manual pen-tests, ability to setup threat models and fuzzers. Be able to work in an ethical lab for hackers
• Participate in architecture and design reviews with developers (all levels)/Dev Ops staff
• Design, implement and support security tools and services
• Influence and measure security policies and share best practices and recommendations
• Being able to track and monitor and use vulnerability tracking methods and tools
• Explain and demonstrate vulnerabilities to application/system owners, and provide recommendations for mitigation
• Issue reports on assigned application and system scans
• Perform Secure Code Development Training to developers and relevant staffs
• Support security policies and procedures
• Participate in security compliance efforts
• Participate in security operations support
• Evaluate new and emerging security products and technologies

• 5+ years of experience in web or mobile application security
• 5+ years of application development
• Passion for security, and a deep technical understanding of enterprise systems architecture
• Expert knowledge of information security principles, ethical hacking standards, along with a thorough knowledge of the current threat landscape and recent hacks and malware
• Knowledge of cloud-based infrastructures/software and how they affect security needs
• Familiarity and hands-on knowledge of with multiple languages and platforms (Java, Python, C/C++, Ruby, Perl and frameworks like Node.js, DoJo, and Angular.js ).
• Working Knowledge of SQL, Oracle, Mongo DB and PostgreSQL
• Coding knowledge in one or more front end and web technologies like Java & Ruby, Python, Perl; mobile code development is a plus
• In-depth knowledge and experience in OWASP 2013, SANS 25 and CWE
• In-depth Experience in providing vulnerability remediation, with code examples, both web and mobile applications
• Experience in working on AGILE projects and Waterfall Projects, along with fundamental project management and time management skills
• Experience in the all parts of the SDLC, such as coding, integration testing, security analysis and audits, code reviews, designing etc.
• Experience using vulnerability assessment tools/platforms such as IBM Appscan Enterprise, Coverity, Check Marx, Nessus, Qualys, GFI, HP Fortify, Veracode, Burp Suite, MS Threat Modeler, Codenomicon etc.
• Hands-on knowledge of cryptographic and encryption, PCI knowledge is a plus
• Understanding of malware by device type
• Expert problem solving and analytical skills;
  Advanced communication skills both spoken and written, to all levels of management
• Self-driven and the ability to work with minimal supervision is required
• Bachelor’s degree in an Information Technology/Computer Science/Computer Engineering