Application Security Test Engineer


We are setting up a new DevSecOps team to work on a cloud-centric product. The team will use the latest technologies, frameworks, and approaches that merge development, security and operations to create the next generation platform for our customers that will allow them to run scalable applications in modern and dynamic environments.

The Application Security Test Engineer has in-depth information security and information technology expertise, including industry knowledge and awareness of emerging technologies which impact cyber security. The role requires a self-starting individual who is comfortable working across and partnering with a range of functions including Information, Development, Quality Assurance, and Architecture, with an emphasis on regulatory compliance, to promote best practices throughout the enterprise.

What will I be doing?

Typical assignments will involve in-depth testing of the security of critical applications and discovering possible gaps through the use of threat modeling, source code review, application behavior analysis, and other security frameworks or best practices, e.g. OWASP, OSSTMM, NIST publications, SANS/CWE.

  • You’ll be acting as a subject matter expert in offensive information security specialized in web programming and applications technology.
  • Performing penetration tests against applications of advanced complexity and writing reports documenting findings, including all vulnerabilities, potential issues, and strengths found during the test.
  • Researching and developing technology to automate security monitoring.
  • Maintaining the tracking of tickets for remediation of vulnerabilities and potential issues found during penetration tests.
  • Evaluating commercial and open source tools to be used for the purposes of penetration testing.
  • Monitoring security controls and certifying that the required security testing is accomplished before a feature is released to production.
  • Establishing a security control baseline by identifying and documenting inheritable controls, selecting and documenting security controls.
  • Completing and processing static source code vulnerability analysis reports for in-house developed applications as directed.
  • Working in conjunction with the InfoSec department to support the company's commitment to protect the integrity and confidentiality of systems and data.
  • Providing technical guidance to developers on discovering and remediating software coding security vulnerabilities.
  • Partnering with architects and application development teams in developing secure software design.
  • Providing risk analysis for product features and architecture decisions.
  • Working independently and being seen as a technical contributor among staff and in the community.
  • Providing technical training to fellow technicians and other operations/engineering groups on current and future technology.

What skills do I need?

  • Minimum of 3 years of experience in performing penetration testing and participating in designing security controls for software application systems, hardware configuration, and network architecture for an enterprise environment.
  • Advanced knowledge of TCP/IP, networking, web applications, and databases.
  • Advanced working understanding of penetration test and security assessment procedures.
  • Advanced knowledge of web development and programming languages, e.g. Java, .NET, Python, Perl, etc.
  • Knowledge of network / Infrastructure security.
  • Motivation to learn and excel in the field as part of the DevOps culture and transition to a DevSecOps role that includes modern cloud infrastructure systems such as Kubernetes, Docker, RabbitMQ and ELK.
  • Advanced experience using any of the penetration test tools available in the market. Hands-on experience in manual testing and automated tools like WhiteHat, Burp Suite, Metasploit, Nexpose, Nessus and Wireshark.
  • Advanced understanding of proxies and fuzzing techniques for various types of security assessments.
  • Advanced knowledge of Open Web Application Security Project (OWASP) Top 10 Vulnerabilities, testing procedures, and remediation recommendations.
  • Effective written and oral communication skills.
  • Proven ability to research, recommend, and document repeatable defense solutions.
  • Experience in Agile SDLCs including automated delivery systems such as Jenkins or GitLab CI/CD.
  • Ability to perform architecture and source code review.
  • Ability to effectively present to peers, coworkers, and customers.

This is an exciting opportunity to work with a highly innovative and creative team, in a great working environment using the latest technologies, methodologies, and frameworks. A competitive salary and benefits package is on offer to the right candidate.

Best selection process in 2020 – IT industry – 3rd place
