Position Details: Sr. Security Automation Engineer-926609TH
The Penetration Tester is part of the client Security Operations organization and participates in engagements throughout the global enterprise. The Penetration Tester is responsible for coordination with stakeholders, security testing of client technology, communication of findings and completion of day-to-day tasks associated with the penetration test program. The Penetration Tester will participate in web application, API, mobile application, networking and red team engagements.
- Conduct initial penetration test scoping/kick off meetings with business stakeholders.
- Conduct web application, API, mobile and network penetration testing within the designated scope and rules of engagement.
- Provide consultation on appropriate remediation actions.
- Participate in cross-training with other members of the penetration testing team.
- Perform required audit-related tasks from internal audit, SOX and PCI activities.
- Interface with other CIS organizations such as Governance, Risk and Vulnerability Management to report on program status and coordinate risk tracking.
- Maintain and compose operational process documentation regarding program execution.
- Participate in red team activities in conjunction with blue team resources.
- Bachelor's degree in Computer Science, Information Technology, Cyber Security, or related discipline or equivalent experience.
- 5+ years of IT professional experience.
- 2+ years of Information Security experience, with previous penetration testing or application security background.
- Strong understanding of a variety of technical concepts such as application development, networking, systems administration, and information security practices.
- Strong technical understanding of web application development, security flaws and remediation.
- Strong verbal and written communication skills.
- Strong organizational and/or project management skills.
- Ability to develop strong working relationships with stakeholders from a variety of teams.
- Strong attention to detail, data accuracy, and data analysis.
- Self-motivated and operates with a high sense of urgency and a high level of integrity.
- Certifications such as GIAC Web Application Penetration Testing (GWAPT) or Offensive Security Certified Professional (OSCP) are strongly preferred.
- Previous experience working in large-scale environments with diverse technologies.
- Experience and knowledge of performing security tasks within cloud environments.
- Ability to automate technical tasks through the use of APIs or scripting.
Demonstrated technical experience:
- Penetration testing tools such as web interception proxies, exploit frameworks, network mappers, vulnerability scanners
- Strong understanding of HTTP
- Strong understanding of REST APIs
- Server operating systems (Windows, Linux)
- Networking devices, protocols and concepts