The role of the Penetration Testing Team is to proactively identify vulnerabilities in the firm's applications and infrastructure so that they can be remediated, preventing real-life cyber-attacks.
The company has a large and diverse portfolio of products that are developed on all of the major technology stacks and platforms. This provides a varied and interesting role within the penetration testing team, giving the team the opportunity to work on a multitude of different products.
The Expertise We’re Looking For
- Bachelor’s degree or equivalent experience
- 5+ years of IT experience
- Preferred: 1+ years of hands-on web application penetration testing / ethical hacking experience
- Preferred: OSCP, GPEN, CEH, LPT, CISSP or other industry security certification
The Purpose of Your Role
- Lead testing efforts on web and mobile applications and supporting systems.
- Replicate the actual techniques and tools used by malicious attackers in an effort to model potential external threats.
- Upon completion of the assessment, you will prepare reports and present the results to application owners, developers, and business unit information security teams.
- Analyse test results, draw conclusions from results, and develop targeted exploit examples.
- Consult with operations and software development teams to ensure potential weaknesses are addressed.
- Contribute to the research or development of tools to assist in the vulnerability discovery process.
- Collaborate with other teams within Enterprise Cybersecurity to improve the overall security of all applications and infrastructure.
- Stay current on security best practices and vulnerabilities.
The Skills You Bring
- Ability to demonstrate manual testing experience, including all of the OWASP Top 10
- Intermediate knowledge of application security mechanisms such as authentication and authorization techniques, data validation, and the proper use of encryption
- Technical knowledge of, and the ability to recognize, various types of application security vulnerabilities
- Demonstrated experience with common penetration testing and vulnerability assessment tools such as nmap, Wireshark, Nessus, NeXpose, BackTrack, Metasploit, AppScan, WebInspect, Burp Suite Professional, Acunetix, Arachni, w3af, NTOSpider
- Intermediate knowledge of Web Services technologies such as XML, JSON, SOAP, REST, and AJAX
- Intermediate knowledge of web frameworks, including XML, SOAP, J2EE, JSON and Ajax
- Experience with Enterprise Java or .NET web application frameworks, including Struts and Spring
- Proven analytical and problem-solving skills, as well as the desire to assist others in solving issues
- Excellent interpersonal skills with a strong interest in the application security domain
- Excellent communication and presentation skills and a proven ability to communicate threats and facilitate progress towards long-term remediation
- Highly motivated with the willingness to take ownership / responsibility for their work and the ability to work alone or as part of a team.