Salt Lake City, UT
90k - 170k
about 1 year ago
• Performs static/dynamic code testing, manual code inspection, threat modeling, design reviews and penetration testing of internal web applications and external partner applications to identify vulnerabilities and security defects.
• Supports the implementation and enforcement of secure design principles according to policies, standards, and patterns of Information Security.
• Serves as a Subject Matter Expert (SME) in web application security for enterprise projects during development phases to provide Information Security consulting and recommendations, ensuring the implementation of approved security requirements.
• Develops and implements manual and automated web application security testing of e-commerce web applications to enforce security standards.
• Works with security product vendors and service providers to evaluate security offerings, including product evaluations, proofs of concept and pilot installations.
• Bachelor's degree in Computer Science, Software Engineering or related field, or equivalent combination of education and experience.
• 3-5 years of experience in performing penetration testing, secure code review, static, dynamic and manual source code review.
• Experience in identifying and remediating common web application vulnerabilities such as OWASP Top 10.
• Experience in use of various commercial and open source penetration testing tools and methodologies and performing penetration testing of web applications and operating systems.
• Familiarity with APT attacks and kill chains.
• Experience with various code repositories including GitHub and Apache Subversion (SVN).
• Experience with continuous integration servers such as Jenkins and ElectricCommander.