Description
- Conduct formal security tests on web-based applications, networks and other types of computer systems on a regular basis
- Perform application and infrastructure penetration testing using both manual and automated testing
- Develop and contribute to existing ethical hacking methodologies and procedures
- Support training and awareness of company information security policies and procedures
- Perform dynamic and static code analysis
- Collaborate with other teams to develop and maintain security testing toolsets
- Communicate technical vulnerabilities and remediation steps to developers and management
- Support the development of secure SDLC methodologies
- Investigate potential vulnerabilities reported by third-party security researchers
- Provide a high standard of reporting that includes KPIs (measures and measurements)
- Communicate potential risk and risk treatment options to business owners
Skills Required
- Must have a minimum of 3-5 years of consulting or relevant work experience.
- Proven abilities in leading and directing teams.
- Define, maintain and execute on an account plan that is in line with our company strategy.
- Drive solutions that are consistent with scope.
- Ability to effectively facilitate meetings with project team members, various business groups and senior leadership.
- Ability to present persuasively and effectively to executives.
- Ability to effectively manage time, prioritize work, and multi-task across several project assignments.
- Ability to manage, control and report on project budget.
- Implement corrective action as needed to control budget.
- Ability to interact and communicate professionally with all levels of staff and management as required to coordinate project deliverables, deliver status reports, and facilitate meetings.
- Excellent verbal and written communication skills.
- Exceptional problem-solving skills.
- Subject Matter Expert within the industry.
- Bachelor's degree from a four-year college/university or equivalent work experience required.
- Specific industry experience relative to this role is highly desired.
- Demonstrable penetration testing skills
- Excellent communication skills, both oral and written
- Ability to work independently
- Application development background with languages such as C, C++, C#, Java, J2EE, AngularJS preferred
- Vulnerability and Risk Management experience
- Compliance and security framework experience, e.g., PCI, SOX, NIST, ISO
- Experience with automated tools, e.g., AppScan, Fortify, AppScan Source, Burp Suite, Qualys, Nessus
- Available to work after normal business hours
- Ability to follow established policies and procedures