Senior, Web Application Penetration Tester
Equifax, Inc
Heredia, Heredia, Costa Rica
hace 5 días

Job Description Summary

  • Responsible for supporting a global program to identify, exploit, and communicate application and network layer risks including development of mitigation or remediation strategies.
  • Plan and execute complex Penetration Testing and Assessment exercises including leading or participating in Red / Blue team testing exercises.
  • Lead and manage multiple complex engagements and projects simultaneously.
  • Develop strong relationships within Security and with IT leaders in responsible business units in order to successfully execute security assessments and penetration testing.
  • Lead integration efforts within Security and with IT partners.
  • Management and internal client reporting to ensure risks are captured and prioritized as necessary.
  • Day to day responsibilities of this role

  • Triaging Web Applications and Web Services / APIs for Penetration Testing
  • Corresponding with Development Teams and Information Security Officers for access, credentials, and artifacts to conduct Penetration Testing
  • Conduct of Penetration Testing using both automated and manual procedures
  • Technical writing reports detailing vulnerabilities identified, to include evidence of exploitability
  • Educational requirements

  • Bachelors of Science in Information Security preferred but not required
  • Years of experience required

  • 5+ years Penetration Testing experience
  • Required technical skills (must have)

  • Experience in Computer Programming and Scripting (e.g. Python, Ruby, Perl, PowerShell)
  • Knowledge of Vulnerabilities and Exploits used for compromising Web Applications and Services
  • Experience in using security testing tools (e.g. Burp Suite, Metasploit, NMAP, Wireshark, Nessus etc.)
  • Understanding of Secure Web Communications and Technologies
  • Strong Communication and Writing skills
  • Creative thinking and problem-solving skills
  • Comprehensive understanding of NIST 800-53 and OWASP testing requirements and methodologies
  • Additional skills (nice to have)

  • Functional knowledge of Burp Suite
  • Good understanding of network protocols
  • Security architecture knowledge of cloud computing platforms (e.g. Azure, AWS, GCP)
  • Creation or feature development of security tools
  • Experience in conducting open source intelligence assessments
  • Basic understanding of various operating systems (Windows, Unix / Linux), container technologies (Docker, Kubernetes) and virtualization technologies (VMware, Xen)
  • Primary Location : CRI-Heredia

    Function :

    Function - Security Governance and Compliance

    Schedule : Full time

    Full time

    Inscribirse
    Añadir a los favoritos
    Eliminar de mis favoritos
    Inscribirse
    Mi Correo Electrónico
    Al hacer clic en la opción "Continuar", doy mi consentimiento para que neuvoo procese mis datos de conformidad con lo establecido en su Política de privacidad . Puedo darme de baja o retirar mi autorización en cualquier momento.
    Continuar
    Formulario de postulación