Sr Application Security Penetration Tester - Remote Law Enforcement & Security - Orlando, FL at Geebo

Sr Application Security Penetration Tester - Remote

Description
All the benefits and perks you need for you and your family:
- Benefits from Day One
- Paid Days Off from Day One
- Student Loan Repayment Program
- Career Development
- Whole Person Wellbeing Resources
- Mental Health Resources and Support
Our promise to you:
Joining AdventHealth is about being part of something bigger.
It's about belonging to a community that believes in the wholeness of each person, and serves to uplift others in body, mind and spirit.
AdventHealth is a place where you can thrive professionally, and grow spiritually, by Extending the Healing Ministry of Christ.
Where you will be valued for who you are and the unique experiences you bring to our purpose-minded team.
All while understanding that together we are even better.
Schedule: Full Time
The role you'll contribute:
The Application Security Engineer Sr. Pentester will work as a member of the Application Security Team in the Data Security Office.
In this role, the Application Security Engineer Sr. Pentester will perform web and mobile penetration testing on internally and externally sourced applications.
Perform static and dynamic code analysis with both open-source and commercial toolsets.
Perform manual code inspection with an advanced knowledge of source code vulnerabilities.
Responsible for compiling the findings of testing into formal reports that will be provided to the system and application stakeholders.
When necessary, interact with the stakeholders before assessments to coordinate access, during assessments to resolve issues during testing, and after assessments to help address security concerns and work with the teams to provide possible remediation options.
The value you'll bring to the team:
o Perform web and mobile penetration testing on internally and externally sourced applications.
o Perform static and dynamic code analysis with both open-source and commercial toolsets.
o Perform manual code inspection with an advanced knowledge of source code vulnerabilities.
o Responsible for compiling the findings of testing into formal reports that will be provided to the system and application stakeholders.
o When necessary, interact with the stakeholders before assessments to coordinate access, during assessments to resolve issues during testing, and after assessments to help address security concerns and work with the teams to provide possible remediation options.
o Provide occasional support to the security engineering team to assist in the management of security technologies administered by the group (e.g. web proxy, IDS, anti-virus).
o Be the subject matter expert for new vulnerabilities, existing vulnerabilities, and possess the ability to discuss the dangers with developers and project owners in a clear and concise manner.
o Recommend and assist with implementation of appropriate Web Application Firewall (WAF) settings.
Qualifications
The expertise and experiences you'll need to succeed:
KNOWLEDGE AND SKILLS REQUIRED:
o Detailed technical knowledge of techniques, standards and state-of-the-art capabilities surrounding authorization, applied cryptography, security vulnerabilities and remediation.
o Ability and experience in working with cloud services (AWS, Azure, etc.) to scope and request testing.
o Experience and understanding of multiple security platforms and layers including Firewalls, Proxy servers, Intrusion Prevention Systems, Web Application Firewalls and Logging Correlation. Along with the knowledge and ability to bypass them through both automated and manual techniques.
o Adequate knowledge of web related technologies (web applications, web services, and service oriented architectures) and of network/web related protocols.
o Understanding of many different application stacks and how to appropriately use them.
o Advanced knowledge of Fortify, WebInspect, Burp Suite Pro, Nessus, or similar tooling.
o Ability to utilize and configure application pentesting tools appropriately.
o Interest in all aspects of security research and development.
o Able to contribute in a team environment with other team members with varying skills, experience and locations.
o Able to communicate technical decisions and recommendations effectively with technical and non-technical audiences through verbal and written communications that lead to actionable and measurable improvements.
o Excellent analytical and multitasking skills.
o Basic concepts of common security frameworks (ISO, NIST, HITRUST).
o Basic concepts of varying industry data standards (PCI, HIPAA, etc.).
o Have a strong understanding of OWASP Top 10 and similar frameworks.
o Experience with Agile/SCRUM software development models.
o Be self-motivated and capable of self-learning to maintain a working knowledge of the ever-changing software development landscape as well as security trends in the industry.
KNOWLEDGE AND SKILLS PREFERRED:
o Proficient with Micro Focus Fortify and WebInspect platforms (or similar enterprise static and dynamic analysis tooling)
o Ability to articulate and express both verbal and non-verbal correspondence.
o Ability to translate control framework (e.g. HITRUST, PCI) requirements into understandable and actionable tasks.
o Software development experience in one of the following core languages: Java, .NET, PHP, JavaScript, Python.
EDUCATION AND EXPERIENCE REQUIRED:
o Bachelor's degree from an accredited university in either Computer Science or Information Security/Assurance, or related field.
o Six (6) or more years of global work experience in Computer Science, Information Security and/or Software Engineering, in a diverse workforce environment, promoting security awareness.
o A minimum of 3 years of professional experience as an Application Security Engineer Pentester.
EDUCATION AND EXPERIENCE PREFERRED:
o Ten (10) or more years of global work experience in Computer Science, Information Security and/or Software Engineering, in a diverse workforce environment, promoting security awareness.
LICENSURE, CERTIFICATION OR REGISTRATION PREFERRED:
o Security certifications (CISSP, CISM, CSSLP, GIAC-GWEB, CEH, Security+)
o Non-Security Certifications (Microsoft, Cisco)
This facility is an equal opportunity employer and complies with federal, state and local anti-discrimination laws, regulations and ordinances.
Category: Information Systems
Organization: AdventHealth Information Technology
Schedule: Full-time
Shift: 1 - Day
Req ID: 23030856
We are an equal opportunity employer and do not tolerate discrimination based on race, color, creed, religion, national origin, sex, marital status, age or disability/handicap with respect to recruitment, selection, placement, promotion, wages, benefits and other terms and conditions of employment.
Recommended Skills: .Net Framework Analytical Antivirus Softwares Application Firewall Application Security Assessments
Estimated Salary: $20 to $28 per hour based on qualifications.
