Sr. Penetration Testing Engineer

Location: Austin, TX, United States
Date Posted: 01-02-2019
We are currently seeking a Sr. Penetration Testing Engineer to join a robust Security & Resiliency team, based in Boston, MA or Austin, TX.
The Sr. Penetration Testing Engineer will join as a member of the Security Development Lifecycle (SDL) team.  The SDL is a strategic program for consistently building demonstrably resilient software across a diverse product and technology portfolio – ranging from firmware to high-level applications.
This role will be working with several complex products and will lead, mentor and influence them into implementing Secure Development controls in their products.  Specific experience in building security for Cloud-based solutions in an Agile or DevOps environment is required.
Key Responsibilities
  • Strategically engages product teams, shares application security testing knowledge and builds security integration tools with product engineers
  • Leads security testing engagements with product teams and mentors engineers on security testing methodologies and techniques
  • Collaborates with developers and testing/quality engineers to provide solutions for discovered security issues and provides product teams with scripts, tools and testing strategies
  • Finds the 0-days in products before anyone else does
  • Documents and shares with the product teams the issues discovered, including the steps to reproduce and mitigate them
  • Writes custom tools that can help product teams conduct efficient security testing
  • Leads security testing workshops to teach other engineers how to find security issues in products
  • Documents generic test cases for publication in Product Security knowledge base
  • Collaborates and contributes to security testing community across the company to share best practices
  • Proactively identifies new testing tools that help advance security testing
  • Master's degree in Information Security or similar technical field desirable
  • Experience performing application black-box and white-box penetration testing
  • Knowledge of reversing patches and exploring 1-day exploits
  • Certifications such as CEH, CISSP, Security+ a bonus
  • Bachelor’s degree in Computer Science, Computer Engineering or related field with 8+ years relevant experience; or Master’s degree with 6+ years relevant experience; or equivalent experience
  • Hands-on experience in dynamic analysis, container testing, fuzzing, OWASP top 10, SANS/CWE top 25 and vulnerability scanning
  • Experience in understanding and leveraging reports from scanners such as IBM AppScan, Nessus, Qualys, Twistlock
  • Proven experience in discovering authentication and authorization bypass defects
  • Experience in finding 0-days and writing exploits
  • Experience with penetration testing tools (e.g. ZAP, Burp Suite, etc.)
  • Ability to think like an attacker and make sure that products are ready to stand up to current and future attacks
  • Subject Matter Expert on software vulnerability types and exploitation
  • Knowledge of how to test code and applications across various platforms (Linux, Windows, etc.) for security issues
  • Knowledge of at least one programming or scripting language such as Python, Java, C, Ruby, etc.
  • Strong understanding of the network stack including ports and protocols
  • Good presentation & documentation skills
  • Ability to articulate business impact of software security problems, translating them into worst-case scenarios
  • Ability to work with diverse and global teams
For more information, please apply below or contact us