Mar 01, 2017
Candidate will be part of an experienced team that performs security threat/vulnerability assessments of critical Bank environments, applications, and technologies through Ethical Hacking, Automated Web Scanning, and Source Code analysis. Candidate will focus on Ethical Hacking assessments. Must be able to act as a Subject Matter Expert to management and application owners on application vulnerabilities and security best practices. Associate will be required to follow standard methodologies and have the initiative to develop new and innovative processes. Working within a tight team framework, the associate must be results conscious as well as able to work within tight timelines. Candidate must be knowledgeable about the business risks associated with common security vulnerabilities and be able to effectively communicate security vulnerabilities to application developers and/or senior managers who may have little to no experience with application security vulnerabilities. Ability to work independently in a very large-scale, enterprise setting. Previous experience as an application security professional within a large Financial Institution a plus.
Enterprise Role Overview
Key individual contributor, with accountability for researching, designing, engineering, implementing, and supporting information security & directory technology systems (software & hardware). Utilizes in-depth technical knowledge and business requirements to design & implement secure solutions to meet customer / client needs while protecting the Bank's assets. Develops and implements security standards, procedures, and guidelines for multiple platforms and diverse environments (e.g. client server, distributed, mainframe, etc.). Exercises judgment within broadly defined practices and policies in selecting methods, techniques, and evaluation criteria for obtaining results. Work leadership may be provided by assigning work and resolving problems. Typically 5-7 years of IT experience.
Required Skills & Experience:
BS/MS in Computer Science (or relevant work experience in large scale IT environment)
At least 3 years of experience conducting vulnerability assessments, code reviews and penetration tests against web/mobile application technologies, services, platforms and languages to find flaws and exploits (e.g., SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, Clickjacking, Authentication/Authorization, Privilege Escalation, and Business Logic Bypass, OWASP Top 10, SANS Top 25, etc.)
Ability to demonstrate manual web application testing experience; i.e. candidate must be able to simulate a SQL injection/cross-site scripting attack without the use of tools.
Expert level experience with web application vulnerability scanning tools (e.g. IBM AppScan, HP WebInspect, Acunetix, NTOSpider, Burp Suite Pro, etc.)
Knowledge of network and Web related protocols/technologies (e.g., UNIX/LINUX, TCP/IP, HTTP/HTTPS, REST, Cookies)
Experience with vulnerability assessment tools and penetration testing techniques (e.g., web application proxies, packet capture analysis software, browser extensions, advanced penetration testing Linux distributions (e.g., BackTrack/Kali), static source code analyzers, SoapUI, etc.)
Experience penetration testing on mobile platforms such as iOS, Android, Windows & RIM
Expert-level experience and very detailed technical knowledge in at least three of the following areas: general information security; security engineering; application architecture; authentication and security protocols; application session management; applied cryptography; common communication protocols; mobile frameworks; single sign-on technologies; exploit automation platforms; RESTful web services.
Demonstrated ability to learn and apply critical thinking to a variety of situations.
Desired Skills & Experience:
One or more of the following certifications: CISSP, GWAPT, C-EH, OSCP, OSCE or qualified work experience
Experience as a developer a plus
Mobile programming abilities, such as Xcode, Objective-C a plus
Knowledge of Structured Query Language a plus.
Strong teamwork skills
Effective written and oral communication skills
Ability to multi-task and handle multiple projects
Ability to work in a fast paced, challenging environment.
Gables Search Group
Charlotte, NC, United States