Description
Security Test Engineer (CEH, ECSA, ECSP, Sans, GIAC)
Security Test Engineer (CEH, ECSA, ECSP, Sans, GIAC) is urgently required for a long-term contract position with a major blue chip client in a great location.
If you are not the Security Test Engineer my client is looking for we offer up-to 1K for a successful referral.
Key skills
- B.S. in Computer Science or related technical major (M.S./PhD preferred) or significant job experience. You have a valid (Current) CEH, ECSA, ECSP, Sans, GIAC Certification.
- Minimum 5 years penetration testing experience, with significant mobile testing.
- Experience with OWASP testing Guide/Open Source Security Testing Methodology Manual
- Development experience preferred.
- Expert with common web application penetration testing tools including, but not limited to Burp, Fiddler, OWASP Zap, BeEF, and at least one commercial solution (WebInspect, AppScan, or similar).
- Experience deploying enterprise security testing solutions.
- Familiarity with common network vulnerability/penetration testing tools including, but not limited to, Metasploit, vulnerability scanners, Kali Linux, and Nmap.
- Experience with debuggers, disassemblers, binary patch diffing (eg BinDiff).
- Experience with testing automation suites such as Selenium. UFT
- Technical depth in many, if not most of the following areas: LAMP stack, Node.js, Scala/Java, iOS, Android OS, Windows Mobile, web services, and certificate pinning.
- Familiarity with Secure Development Lifecycle practices and Agile development.
- Thought leadership in the security field, with demonstrable contributions to industry groups strongly desired.
- Artful communication skills and organizational savvy, to steer peers and leadership toward solutions that carefully balance business, risk, compliance, and engineering concerns.
- Eagerness to challenge the status quo, balanced with a reasonable and methodical approach to effecting change.