Indicative Job Description:
- Experience with penetration testing, vulnerability assessment
- Web application and external network penetration testing using industry standard tools and technologies
- Well versed with Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST). Development experience preferred.
- Experience with OWASP testing Guide / Open Source Security Testing Methodology Manual.
- Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), CREST Penetration testing or similar certification preferred.
- Expert with common web application penetration testing tools including, but not limited to Burp, Fiddler, OWASP Zap, BeEF, and at least one commercial solution (Veracode, AppScan, or similar).
- Familiarity with common network vulnerability/penetration testing tools including, but not limited to, Metasploit, vulnerability scanners, Kali Linux, and Nmap
- Create actionable reporting based on security testing, including black, grey and white box testing, code reviews and reverse engineering, network and software architecture reviews, and social engineering.
- Must have a working knowledge and strong understanding of security best practices for the following technologies:
  - Windows Active Directory
  - Network routing and switching
- Prior experience with penetration testing, red teaming, white hat hacking, and/or performing information security assessments. Familiarity with compliance regimes such as PCI and HIPAA and frameworks such as COBIT and ITIL. Must have experience in building test strategy and test plans, governing UATs, performance testing, integration testing, load/stress testing, test automation, and building/maintaining currency of automated test beds.
- Must have experience in testing mobile apps (app performance and security testing).
- Managing penetration testing services, including both expert consulting and managed services. Providing manual penetration testing and standards gap analysis services to internal business and technology partners. Providing security requirements for test-driven design, supporting application security tool deployments including static analysis and runtime testing tools.
- Producing metrics reporting the state of application security programs and performance. Must be able to approach IT security and testing from the perspective of risk management.