Anywhere in US
Mid Career (2+ years of experience)
Our Client is looking for a Pentester with experience programming and/or reviewing code in several of C, C++, C#, .NET, Java, PHP, Objective-C, ColdFusion and/or Ruby on Rails, as well as application security experience. The candidate will perform penetration testing, vulnerability testing and source code testing for the Client's customers.
Review security issues identified in applications through static binary analysis and dynamic analysis (automated web application scanning). This will include confirming the existence of software coding errors in several of C/C++, C#, .NET, Java, PHP, Objective-C, ColdFusion and/or Ruby on Rails (including deployed web applications).
Determine commonly occurring trends in engine and scan accuracy and provide feedback to the engine and scripting teams.
Achieve acceptable levels of analysis quality and throughput, as defined by internal operations metrics, and adhere to internal company security policies and procedures in delivering against job function.
Interact with customer support and customers directly as needed to assist them in understanding security flaws reported and answering questions on remediation strategies.
Augment the Application Security Research Lab, Engineering and QA resources as needed to assist with test case creation or to investigate new threat spaces and attack vectors.
Participate in internal user acceptance testing for new product releases, and assist with QA efforts as needed.
Handle internal escalations from Security Analysts and provide mentorship to junior team members.
Work with service delivery management to determine operational efficiency requirements and develop and enhance operations and delivery processes and procedures.
Understanding of several of C/C++, C#, .NET, Java, PHP, Objective-C, ColdFusion and/or Ruby on Rails. Familiarity with such open-source tools as CWE; familiarity with OWASP and Qualys, for example.
Bachelor's degree in Computer Science or related discipline.
Analytical, organizational, and technical writing skills.
Self-motivated, results-driven, and able to work effectively in a team/operations environment.
Ideally candidates would also have:
0-1 years of development experience involving secure coding practices as part of the software development lifecycle, or equivalent exposure to static code analysis.
Some understanding of secure coding practices and dynamic testing (web application testing); experience identifying and remediating security vulnerabilities is a plus.
Job keywords/tags: C, C++, C#, .NET, Java, PHP, Objective-C, ColdFusion and/or Ruby on Rails