The position will be part of an assessment team that is responsible for assessing the implementation of security controls for all systems.
- Conduct Web application penetration testing
- Conduct API penetration testing
- Conduct security assessments on a wide variety of technologies and implementations
- Simulate sophisticated cyber attacks to identify vulnerabilities for clients worldwide
- Conduct source code reviews
Minimum Qualifications: (Minimum knowledge, skills, and abilities to perform the job)
- At least 3 years of experience performing application security testing
- Knowledge of vulnerability management and scanning best practices such as CVE database and the CVS System used for scoring vulnerabilities.
- Good communications skills (both written and verbal) and be able to work with a group as well as independently
- Working understanding of OWASP Top 10 vulnerabilities, how they are exploited, and a notion of how to they are fixed
- Background in scripting
- Experience Windows/Linux/Cloud Computing (AWS, Azure) systems
- Utilize various information system inspection tools to analyze potential vulnerabilities and identify mitigation approaches.
- Basic knowledge of network architecture and network, system, and application security
- Working knowledge of security frameworks, regulatory requirements, and industry standards such as NIST, COBIT, ISO 27001 and HIPAA
Desired Qualifications: (desired experience, education, and training)
- Experience in security certification and accreditation process.
- OSCP, CISSP, SANS, AWS, CEH or equivalent certifications