
Job

Application Security - Penetration Tester

  • Location:

    Boston, Connecticut, Rochester NY

  • Sector:

    Technology, Cyber Security

  • Job type:

    Permanent

  • Salary:

    90k - 140k

  • Contact:

    Gerald Mitter

  • Contact email:

    g.mitter@hamlynwilliams.com

  • Job ref:

    PT-123

  • Published:

    about 1 month ago

  • Expiry date:

    2020-01-22

  • Startdate:

    ASAP

Responsibilities:

  • Threat modeling application features and production environments.
  • Break applications and prevent them from being broken.
  • Security testing (black-box, gray-box) and code review of cloud and mobile products, APIs, internal automation, AUTH, and internal applications.
  • Definition of Application Security policies, procedures and reporting metrics.
  • Participate in incident handling and response.
  • Security partnership with data, development, security and engineering teams.
  • Security research, presentations, publications, and security industry collaboration.
  • Guidance and architecture oversight, design reviews, and security feature roadmap collaboration.

 

Requirements:

  • B.S. / M.S. in Computer Science, Electrical Engineering and/or 5+ years of related experience.
  • Experience with agile software development processes and methodologies.
  • Working knowledge of source code repositories.
  • Experience developing, deploying, and securing applications in Azure or AWS.
  • Experience working with a variety of development tools, languages, and environments, including .NET/Core, MVC, REST API, C#, SPA, JavaScript and common frameworks (Angular, React, etc.)
  • Experience with Azure or AWS Development and CI/CD tooling (Visual Studio, Azure DevOps)
  • Deep working knowledge of modern authentication and authorization protocols (OAuth, OpenID Connect, SAML).
  • Experience with DAST, SAST, and IAST solutions, including static analysis tools for C# and JavaScript.
  • Knowledge of real-world applied crypto techniques.
  • Experience identifying, triaging, and remediating application vulnerabilities, including the OWASP Top 10 and CWE/SANS Top 25.