Our client is seeking an Enterprise Application Tester to supplement internal efforts to move applications from on-prem to SAP/Cloud. All applications are being rebuilt, so this person will be responsible for assisting in the completion of the security and vulnerability tests. The role is enterprise in scale and scope and calls for strong experience performing manual web application vulnerability assessments without automated tools such as web application scanners. This opportunity is located in Spring, TX!
Duties:
Perform manual vulnerability assessments for web, SAP, Cloud, and Mobile applications as well as traditional infrastructure penetration testing
Create extremely high-quality written reports containing the findings from web and thick-client vulnerability assessments, and articulate those findings to peer technical staff and to various levels of management
Capture and analyze network traffic, including the ability to discern whether that traffic contains vulnerabilities and/or sensitive data
Desired Skills/Experience:
3+ years of experience with enterprise-level security control implementations, including Network Intrusion Detection/Prevention (NIDS/NIPS), Corporate Antivirus, Enterprise Web Filtering, Data Loss Prevention, Insider-threat Mitigation, Botnet Detection, etc., as well as demonstrable knowledge of the principles and techniques used to bypass said controls
2+ years of experience with penetration and vulnerability testing for web and thick-client applications in an enterprise environment
1+ years of experience with programming and/or scripting in one or more of the following languages: .NET, Java, PHP, Ruby, Perl, Bash, or a similar language
1+ years of experience with SQL, including a strong understanding of SQL syntax and the ability to perform basic management of MS SQL databases
Strong understanding of web technologies, e.g. HTTP, HTML, CSS, Forms, Database Connectivity, etc.
Understanding of compliance and regulatory requirements such as PCI DSS, SOX, HIPAA, etc.
Full grasp and ability to articulate and/or train others on the "OWASP Top 10" and related concepts
Ability to perform manual web application vulnerability assessments without the use of automated tools such as web application scanners
Solid grasp of core security fundamentals and concepts, including knowing one's system, defense in depth, the principle of least privilege, access control, encryption and cryptography, security architecture and design, business continuity and disaster recovery, etc.