Application Security - Penetration Tester
Location: Boston, Connecticut, Rochester NY
Sector:
Job type:
Salary: 90k - 140k
Contact: Gerald Mitter
Contact email: g.mitter@hamlynwilliams.com
Salary high: 0
Salary low: 0
Job ref: PT-123
Published: about 1 year ago
Expiry date: 2020-10-09
Start date: ASAP
Responsibilities:
- Threat modeling application features and production environments.
- Break applications and prevent them from being broken.
- Security testing (black-box, gray-box) and code review of cloud and mobile products, APIs, internal automation, AUTH, and internal applications.
- Definition of Application Security policies, procedures and reporting metrics.
- Participate in incident handling and response.
- Security partnership with data, development, security and engineering teams.
- Security research, presentations, publications, and security industry collaboration.
- Guidance and architecture oversight, design reviews, and security feature roadmap collaboration.
Requirements:
- B.S. / M.S. in Computer Science, Electrical Engineering and/or 5+ years of related experience.
- Experience with agile software development processes and methodologies.
- Working knowledge of source code repositories.
- Experience developing, deploying, and securing applications in Azure or AWS.
- Experience working with a variety of development tools, languages, and environments, including .NET/Core, MVC, REST API, C#, SPA, JavaScript and common frameworks (Angular, React, etc.).
- Experience with Azure or AWS development and CI/CD tooling (Visual Studio, Azure DevOps).
- Deep working knowledge of modern authentication and authorization protocols (OAuth, OpenID Connect, SAML).
- Experience with DAST, SAST, and IAST solutions, including static analysis tools for C# and JavaScript.
- Knowledge of real-world, applied crypto techniques.
- Experience identifying, triaging, and remediating application vulnerabilities, including the OWASP Top 10 and CWE/SANS Top 25.