Full-Time Lead Penetration Tester (L1) Based in Pittsburgh, PA
- Lead security testing activities, providing technical assessment of scope, principal security concerns and testing methodology to relevant stakeholders, including face-to-face meetings with app stakeholders when requested.
- Drive the planning and execution of application security based on new IT developments, operational services and relevant threat scenarios; plan, scope, execute and report on attack and realistic threat scenarios.
- Report on findings, fixing high-risk vulnerabilities as soon as possible and registering other vulnerabilities for later risk prioritization and remediation.
- Help create prioritized overviews of vulnerabilities from SAST and DAST results and put these in context so they can be communicated easily to the customer.
- Lead improvement projects in the vulnerability area, and coach and teach more junior team members to increase knowledge within the team.
- Set up the process for SAST and DAST security testing, and present to and inspire the offshore team.
- Lead the community of security practitioners; be involved in reviewing and writing full and thorough reports for each engagement that show quick and constant improvement, based on comments from QA and peers.
Experience and Qualifications required
- Has at least 5-8 years of experience in IT security, preferably in application security testing.
- Has experience with various security tools such as Checkmarx, Fortify, IBM AppScan, etc.
- Is an expert in understanding application security vulnerabilities and debriefing recommendations for mitigation.
- Has a solid understanding of programming languages such as Java, C, C++, .NET, Python, etc.
- Has excellent written and verbal communication skills and is able to work with technical experts in the industry as well as connect with business stakeholders at a non-technical level.