Job Description Summary
Responsible for supporting a global program to identify, exploit, and communicate application and network layer risks including development of mitigation or remediation strategies.
Plan and execute complex Penetration Testing and Assessment exercises including leading or participating in Red / Blue team testing exercises.
Lead and manage multiple complex engagements and projects simultaneously.
Develop strong relationships within Security and with IT leaders in responsible business units in order to successfully execute security assessments and penetration testing.
Lead integration efforts within Security and with IT partners.
Management and internal client reporting to ensure risks are captured and prioritized as necessary.
Day-to-day responsibilities of this role
Triaging Web Applications and Web Services / APIs for Penetration Testing
Corresponding with Development Teams and Information Security Officers for access, credentials, and artifacts to conduct Penetration Testing
Conducting Penetration Testing using both automated and manual procedures
Writing technical reports detailing vulnerabilities identified, including evidence of exploitability
Bachelor of Science in Information Security preferred but not required
Years of experience required
5+ years Penetration Testing experience
Required technical skills (must have)
Experience in Computer Programming and Scripting (e.g. Python, Ruby, Perl, PowerShell)
Knowledge of Vulnerabilities and Exploits used for compromising Web Applications and Services
Experience in using security testing tools (e.g. Burp Suite, Metasploit, NMAP, Wireshark, Nessus, etc.)
Understanding of Secure Web Communications and Technologies
Strong Communication and Writing skills
Creative thinking and problem-solving skills
Comprehensive understanding of NIST 800-53 and OWASP testing requirements and methodologies
Additional skills (nice to have)
Functional knowledge of Burp Suite
Good understanding of network protocols
Security architecture knowledge of cloud computing platforms (e.g. Azure, AWS, GCP)
Creation or feature development of security tools
Experience in conducting open source intelligence assessments
Basic understanding of various operating systems (Windows, Unix / Linux), container technologies (Docker, Kubernetes) and virtualization technologies (VMware, Xen)
Primary Location: CRI-Heredia
Function: Security Governance and Compliance
Schedule: Full time