Application Penetration testers /Dynamic Application Security Testing (DAST)
pplication Penetration testers /Dynamic Application Security Testing (DAST) San Francisco CA or New York City, NY or Charlotte NC or Irving TX or Chandler AZ or Minneapolis MN (Hybrid 3-5 days onsite) 12+ Months Web cam Interview $55-$60/Hr on W2 NOT:
- Manager mentioned he has read many resumes the past 2 weeks However many of the candidates submitted were not true application penetration testers.
- He saw many who would classify as a QA analyst by their job classification.
- He saw many others where they worked with third parties who did pen tests, but they never did tests themselves.
- He is also seeing a lot of people who run vulnerability scans, however this is not Dynamic Application Security Testing (DAST).
Description:
- In this contingent resource assignment, you may: Consult on or participate in moderately complex initiatives and deliverables within Information Security Engineering and contribute to large-scale planning related to Information Security Engineering deliverables.
- Review and analyze moderately complex Information Security Engineering challenges that require an in-depth evaluation of variable factors.
- Contribute to the resolution of moderately complex issues and consult with others to meet Information Security Engineering deliverables while leveraging solid understanding of the function policies procedures and compliance requirements.
- Collaborate with client personnel in Information Security Engineering.
Required Qualifications:
- 4 years of Information Security Engineering experience or equivalent demonstrated through one or a combination of the following: work or consulting experience training military experience education.
Skills: The Senior Information Security Engineer will:
- Conduct Dynamic Application Security Testing (DAST) through manual testing and by using automated testing tools
- Review test results from tools
- Ensure that DAST tests are completed successfully
- Identify and remove any false positives from automated testing tool reports
- Triage & Disposition results and enforce a Bug Bar
- Verify/validate defect fixes
- Provide application security consulting SME Support to developers
- ssist developers with understanding of security defects and risk
- ssist in defining acceptable solution to fix defects
- Stay up to speed on 3rd party (inside and outside Wells Fargo) known security vulnerabilities
- Develop and review malicious use cases/threat models
- Maintain a broad understanding of security technologies and products
Requirements:
- 5 years of information security applications and systems experience
- 3 years of DAST Dynamic Application Security Testing experience
- 3 years of automated information security penetration tools experience
- Penetration testing certification such us GPEN GXPEN GWAPT or OSCP
Apply tot his job Apply To this Job