The Application Security Engineer will interface with the Business Group information security and application leaders to provide timely security assessments, reporting, and guidance, and to assist with remediation.
As part of the Product Security team, Security Testing Services is responsible for ad-hoc and ongoing penetration tests of Technology solutions. Our services support both our annual test plan and achievement of compliance requirements. Our techniques include both manual and automated test procedures across all segments of Information Technology and our Business Pyramids. Core domains in our scope of test procedures include enterprise applications, web applications, mobile applications, databases, point of sale applications and infrastructure, retail store applications and infrastructure, mobile devices, network and cloud infrastructure, server, mainframe, and directory services.
• Consult, design, and execute penetration tests against applications and infrastructure
• Identify and document security vulnerabilities in client/server, web, and mobile applications, as well as network, systems, and mobile infrastructure
• Report vulnerabilities using our standardized reporting structure
• Assign vulnerability scores using the Common Vulnerability Scoring System (CVSS)
• Assist in the prioritization of findings based on risk
• Partner closely with Cyber Threat Intelligence to quickly determine the relevance of emerging Cyber Threats across our environment
• Consult with application and system owners to define remediation requirements and timelines
• Validate the completeness and effectiveness of remediated vulnerabilities
• Work with third parties to coordinate and/or conduct penetration exercises
• 3+ years of experience performing security testing
• Expertise in 2 or more test domains specified above
• Demonstrated history of identifying advanced vulnerabilities independently
• BA or BS degree in Information Security, Cyber Security, Computer Science, or a related field, or commensurate experience
• Experience utilizing automated vulnerability identification tools
• Experience in manual penetration testing
• Experience matching vulnerabilities with risk ratings
• Experience with network and web application pen testing
• Possession of excellent oral and written communication skills