Job ID: 39171
Company: Internal Postings
Location: Houston, TX
Type: Contract
Duration: 12 Months+
Salary: DOE
Status: Active
Openings: 1
Posted: 24 Jan 2023
Job Seekers, Please send resumes to resumes@hireitpeople.com

Job Responsibilities:

  • Perform application testing
  • Leverage and manage existing tools for application testing to detect weaknesses or possible incidents, building on methodologies such as OWASP, PCI, NIST, etc.
  • Configure security testing platforms and tools
  • Manage procedures for application tests
  • Perform application testing on our internal and external facing applications
  • Perform threat modeling for existing applications
  • Perform proactive research to detect new attack vectors
  • Correctly balance security risk and product advancement
  • Training and coaching new analysts
  • Develop, maintain, and socialize secure coding guidelines and best practices
  • Work with developers to assist in designing and architecting secure systems
  • Develop general techniques and frameworks that will enable other engineering teams to find flaws before they are introduced into production
  • Coach development teams on how to resolve and prevent vulnerabilities
  • Be a security subject matter expert and respond to any internal security engineering questions/requests

Required Qualifications:

  • Must be able to understand the diverse business requirements and be able to translate those requirements into applicable solutions
  • Ability to present and explain technical information to diverse audiences
  • Have proficiency with penetration testing tools, suites, and platforms such as Metasploit and Burp Suite
  • Bachelor's degree in computer science, MIS, or equivalent technology discipline
  • 3+ years of experience in cyber security
  • 3+ years of experience in application penetration testing
  • 2+ years of experience with DAST and SAST testing on web applications and web services
  • Experience with web applications, databases, operating systems, and public cloud providers
  • Experience in penetration testing large and complex applications
  • Development background, with knowledge of multiple development tools, techniques, and platform technologies
  • Experience in vulnerability assessment testing process and procedures
  • Knowledge of various identification and authentication schemes, Public Key Infrastructure, and Identity Management
  • Programming experience with focus on penetration testing or process automation
  • A thorough understanding of cyber security best practices and the ability to effectively apply those practices
  • Proven ability to quickly learn new processes and tools, business domains and technical applications
  • Ability to think technically and analytically
  • Ability to develop effective relationships and work well within a team
  • Must be a self-starter and detail-oriented
  • Must have a positive and energetic demeanor
  • Effective written and verbal communication skills
  • Experience documenting technical testing and assessment results in a formal report format and presenting results to both a technical and executive audience
  • Creative problem-solving skills

Preferred Qualifications:

  • Professional certifications in one or more of: CISSP, CEH, GCFE, CFCE, or CSSLP
  • Knowledge of secure web app design, cryptography and key material handling, authentication mechanisms such as OAuth, SAML, or OpenID, sensitive data protection, and SDLC integration (fuzzing tests, static and dynamic code analysis)
  • Experienced in the use of source code scanners and the ability to manually validate findings/eliminate false positives
  • Familiar with the use of various manual and dynamic application vulnerability testing suites
  • Ability to detect, define, exploit, and remediate OWASP Top 10 vulnerabilities without the use of a vulnerability scanner
  • Proficiency with scripting languages (e.g., Python, Bash, PowerShell)
  • Applied Threat Modeling methodologies
  • Experience with regulatory compliance, policy development, and policy enforcement
  • Experience with various compliance standards (NIST SP 800 series, PCI, SOX)