Urgent position of Pen Tester
ATLANTA, GA (0nsite)
Description
Good understanding of OWASP top10 vulnerabilities 2. Burp scanning procedures. 3. Penetration testing skills, 4. In depth understanding between risk severity and probability 5. Describe specific steps or methodology for identified risk remediation. 6. Vulnerability identification and remediation, 7. Risk frameworks, 8. Mitigation and remediation strategies, 9. Concepts of SAST, DAST, DEVSECOPS. Responsibilities and Day to Day View · Execute vulnerability assessment of applications via automated and manual techniques to understand the risk and security posture of the applications in pre prod and prod envs. · Perform security analysis and identify new engineering standards for cloud, on prem, and/or mobile applications based on modern HTTP based web applications and microservices that improves security posture. Analyse HTTP request/response data and collaborate knowledge with technology teams to find root cause and hardening opportunities. · Conduct, lead and handoff incident response activities (triage, communications, containment, root cause analysis, remediation) · Assess, triage and prioritize security detections from logs and monitoring alerts for suspicious or anomalous activity including bot traffic · Review application design, architecture and configuration from security standpoint and provide recommendations based on security best practices · Research, design, and develop solutions meeting internal and external compliance, security requirements and standards for Site Security & Reliability Engineering · Drives defense in depth security for the organization to protect critical IT assets and data · Understands cryptography and encryption of data stored and transmitted. · Logging, monitoring, and responding to detected incidents. · Serving as the voice of the customer to the development and system support teams in implementing new features or resolving security issues that exist in technology implementations. Required Qualifications · Ability to conduct creative and in depth manual security testing (ethical hacking). · Identifies critical security gaps and drives them to resolution within required timelines. · Ability to write and develop security and infrastructure Security standards and requirements · Ability to use automated scans to identify security vulnerabilities and configuration gaps · Exceptional ability to communicate and drive progress on compliance by influencing action owners and tracking progress with reports, dashboards and other tracking mechanisms. · Ability to program and automate communications and notifications to action owners · At least 2 4 years¿ experience in working in Azure cloud, information security, PCI and SOC compliance · Perform security analysis of cloud configurations · Experience in Application Security Testing,
Please share to Clark@vkoresolutions.com
From:
Clark Adam,
VKore Solutions
clark@vkoresolutions.com
Reply to: clark@vkoresolutions.com