Test Security Engineer
Endava
Bucharest, Romania
5 days ago

Responsibilities

  • Perform both static (SAST) and dynamic (DAST) security tests
  • Create threat models for the application together with the stakeholders
  • Run security tests, analyze results, and create reports to summarize findings and recommendations
  • Investigate security issues and find their root causes
  • Work with developers, architects, technical support teams and functional testers to understand applications in detail and discover ways to improve the system security
  • Communicate with project managers, product owners and business analysts to accurately report security test status
  • Work with business stakeholders to define security requirements, advising them when necessary
  • Plan and estimate effort required for security testing
  • Review the security testing process and work with the existing team members to suggest and implement improvements
  • Look for ways to involve security testing earlier in the software lifecycle, in both Agile and waterfall-based projects
  • Work with stakeholders to increase the security knowledge inside the team
  • Evangelize the industry’s security standards (e.g. OWASP Top 10, PCI DSS, etc.)

Qualifications and Experience

Mandatory skills:

  • At least 3 years of experience working in security testing
  • Good knowledge of at least one security vulnerability scanner, either commercial (e.g. Acunetix, Burp Suite) or open source (e.g. OWASP ZAP)
  • Good knowledge of at least one SAST tool (e.g. Checkmarx)
  • Good knowledge of at least one threat modeling technique (e.g. STRIDE, PASTA, etc.)
  • Good knowledge of OWASP tools and the testing guide
  • Experience of testing both web applications and web servers
  • Familiar with at least one programming language (e.g. Java, C#, Python, etc.)
  • Familiar with different operating systems (Windows / Linux) usage and configuration
  • Familiar with security frameworks (e.g. Metasploit, BeEF)
  • Familiar with sample vulnerable applications (e.g. Mutillidae, DVWA, etc.)
  • Awareness of different middleware technologies
  • Awareness of the PCI DSS standards
  • Ability to understand / analyze an application’s architecture to assess security risks
  • Good English communication (spoken / written) and presentation skills
  • Flexible and able to adapt to changing priorities and working practices
  • Team oriented attitude and the ability to work well with others to achieve a common goal

Desirable Skills:

  • Linux OS knowledge
  • Database knowledge
  • Security certification is a plus (e.g. CEH, PenTest+, etc.)
  • IoT and Cloud security
  • Malware analysis
  • Mobile Security
  • Microservices architecture
  • Proactivity
  • Familiar with Continuous Integration, Agile Development Principles and Scrum Methodology

Additional Information

Created by Tanasie, Alexandra at 2020-02-04 09:37:20

Last Taleo status: Canceled
