Basic Qualifications and
The Information Security Specialist will be responsible to support the Application Security organization. Specific duties include performing penetration tests, threat assessments, and leadership of the Application Security program. The ideal candidate should have experience in detecting security threats in the application space and can intelligently speak to the technical details of the threats. The ability to lead others and provide strategic direction of the program is a must.
· BS degree in Computer Science,similar technical field of study, or equivalent practical experience.
· Ability to effectivelycollaborate and communicate with others in English.
· 4+ years experience inapplication penetration testing and tooling, advanced red team, or applicationsecurity engineering and architecture, preferably in a large and distributedoperating environment.
· Expert knowledge ofOWASP Top 10 and ability to articulate web security risks
· Knowledge of automatedDAST, SAST, and RASP tooling is preferred, including but not limited to OWASPZed Attack Proxy, BURP Suite, Nessus, Metasploit, Postman, HP WebInspect,Qualys, or WhiteHat.
· Operationalunderstanding of TCP/IP and computer networking. Knowledge of the functions ofsecurity technologies such as IPS/IDS, Firewalls, Security Information andEvent Management tools, etc a plus.
· Possession of industrystandard certification such as OSCP, CEH, GWAPT, GPEN and/or other relevantpenetration testing related certifications a plus.
· Demonstrated timemanagement skills strong work ethic, attention to detail, able to multitask andhave strong communication, time management and problem-solving skills.
· Knowledge of SDLC,Agile, Waterfall, or Scrum
· Information Security,Security Testing and/or Risk Analysis Experience
· 3-6 or more years ofexperience in solving challenging technical problems in two or more of thefollowing areas:
Modern web development
Unix/Linux environment management
Cloud based continuous delivery and environment management
Large, distributed system development
Processing and analyzing large data sets
OO programming, code refactoring and design patterns
Required Skills and Experience
- A passion for learning new programming languages, software libraries, data layers, and development paradigms.
- Ability to articulate at least one accomplishment that you are really proud of; what did you do and what was the outcome.
- Professional Experience with any of the following:
Amazon Web Services (AWS)
Multiple data stores (SQL stores, MongoDB, CouchDB, Neo4J, Hadoop, Cassandra, DynamoDB, ElasticSearch, Solr, etc)