The Senior Security Engineer must have a good understanding of Infrastructure, application, and Cloud security technologies and processes. We are looking to add an experienced Cybersecurity Penetration Tester to an already amazing team. The SE should have hands on experience working with security assessment tools to identify, prioritize, and help remediate vulnerabilities. Experience working with developers, DevOps teams, and infrastructure engineers in a dynamic environment, to promote/implement security technology and awareness.
PRIMARY DUTIES/KEY RESPONSIBILITES
- Automated and Manual penetration testing
- Demonstrate knowledge and application of vulnerability risk assessment technology in areas including application security/architecture, infrastructure, and cloud security throughout the data lifecycle.
- Support the development and deployment of innovative security solutions to safeguard assets, in the cloud and our data centers, while enabling the business.
- Support remediation of technical vulnerabilities and provide inputs on impact from open vulnerabilities.
- Proactively identify, evaluate, and assist in the mitigation of cybersecurity risks aligned with the organization’s risk posture as well as business and operational objectives across an international footprint.
- Able to test, validate and articulate all vulnerabilities identified in the OWASP top 10.
- Conduct, coordinate and perform application vulnerability assessments (Dynamic & Static) manually and using proprietary tools.
- Work closely with business, product, and technology teams to understand business objectives, initiatives, and ensure alignment with cybersecurity objectives and requirements.
- Review and analyze vulnerability data to identify security risks to the organization’s network, infrastructure, and applications.
- Ability to work with API’s to do integrations, assess risk, and derive data.
- Provide regular and timely reporting on the status of open vulnerabilities from multiple tool sets, across the organization.
- BA/BS Degree and 5+ years experience OR 9years experience of equivalent work experience
- 5+ years’ experience in IT Security, Risk and/or Compliance or equivalent.
- Demonstrated experience planning and conducting cybersecurity penetration tests of networks and web applications.
- Understanding of web-based applications, infrastructure, and architecture.
- Experience with Veracode, HP WebInspect, Qualys, Nessus, Splunk, ZAP, Burp Suite, Kali Linux, AWS.
- CISA, CISSP, CISM, or other security certification(s). Scripting/Development Experience a plus.
- Ability to work in a fast-paced and dynamic environment
- Ability to work in a team and independently to fix issues with little or no supervision
- Excellent organizational, project management and follow-up skills
- Ability to build effective working relationships at all levels of the organization
- Excellent communication skills