Web Application Penetration Tester - SecureWorks
SecureWorks is a global leader in providing intelligence-driven information security solutions. We play an important role, as no organization in the world is immune from cyber attacks and the nature of the attack is changing every day. Internet security is a problem that will never be solved. Unlike point products that address a specific technology issue, we attack the problem holistically by analyzing threat actor tactics, techniques and procedures, and develop solutions using best-of-breed technologies to protect our clients. We are one of the best in the world at understanding the threat. In short, we give our clients an early warning capability. SecureWorks was founded in 1999 and headquartered in Atlanta, Ga., with offices in all the major security markets around the globe. We have more than 2,000 team members, and partner with more than 4,200 clients in 59 countries to keep the bad guys out of their networks. We’ve been consistently recognized by industry analysts, readers’ polls and as a leader in the Gartner Magic Quadrant for managed security services, worldwide.
The Mobile Web Application Tester supports the Security and Risk Consulting /Technical Security Services Team by applying information security threat intelligence to identify and exploit vulnerabilities within our client’s environments. The focus areas for this role are web and mobile application penetration testing, API testing, and code review.
*This position is in Reston, VA.
-Conduct application security assessments and penetration tests (web, mobile, API, etc.) using off-the-shelf or self-developed exploitation tools to execute manual testing for advanced attacks
-Produce and deliver a professional security assessment report to clients for each application
-Conduct client conference calls to include, but not limited to project kick-off calls, notification of high/critical findings during the testing process, and close out calls to review test findings, evidence, process steps to reproduce, and remediation recommendations
-Participation in conference calls with sales and/or clients or potential clients to answer technical questions, define application/project scope, estimated time required to complete scope of work
-Maintain working knowledge of advanced cyber threat actor tactics, techniques and procedures
(TTP), and emulate these TTP to assess vulnerability and risk
-Drives innovation and integration of new technologies into application security test practices
-Develop and document new post-exploitation tools and techniques for use by internal and external customers
-Assist with application security assessments and reporting methodology enhancements
-Apply innovation to improve service efficiency and service value
-Suggest or implement enhancements to internal systems
-Interface with Counter Threat Unit (CTU) and Incident Response (IR) teams
As a managed security provider, SecureWorks expects its employees to understand and apply commonly known security practices and possess a working knowledge of applicable industry controls such as NIST 800-53. Employees will be expected to acknowledge their security responsibilities in writing prior to gaining access to company systems. Employees will be required to maintain a working knowledge of local security policies and execute general controls as assigned.
-5 years of experience with security tools such as – Nmap, Metasploit, Kali Linux, Burp Suite Pro, etc., as well as
other various commercial and self-developed testing tools
-Experience with various application attack vectors, security test processes and strong knowledge of common vulnerabilities (i.e. OWASP Top 10)
-2 years of application penetration experience, code review, and leading application testing engagements
-Experience with scripting languages such as python, ruby, POSIX shell, as well as familiarity with programming languages such as: C/C /ObjC/C#, Java, PHP, or .NET
-Strong technical communication skills, both written and verbal; strong analytical and problem solving skills
-Ability to effectively communicate technical security concepts to executive stakeholders in business language
-Must be able to effectively work with and interact with clients of various backgrounds and maintain positive client relationships
--Ability to work flexible work hours at times if needed
-PCI Experience preferred
-Operating systems administration and internals (Microsoft Windows / Linux)
-Understanding of TCP/IP networking at a technical level
-Significant plusses for one or more of the following: experience in mobile or cloud
application testing, experience with disassembly and debugging tools, exploit development, runtime
malware analysis, testing embedded platforms and hardware security, cryptography or cryptanalysis, delivering classroom training on Secure Application Development/Application Security Testing
-OSCP/E or GIAC GMOB, GWAPT, GXPN or similar preferred
-A Bachelor of Science degree in Computer Science, Computer Engineering, Electrical Engineering, or a related technical field; or equivalent professional experience
This position I located in Reston, VA.
SecureWorks is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: SecureWorks is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at SecureWorks are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. SecureWorks will not tolerate discrimination or harassment based on any of these characteristics. SecureWorks encourages applicants of all ages.
**Job:** **Services IT - Security Systems*
**Title:** *Web Application PenetrationTester - SecureWorks*
**Requisition ID:** *16000ZFT*