Penetration Testing Engineer
Sony Music
New York, NY
This was removed by the employer on 6/4/2019 1:49:00 PM PST
Full Time Job
The Application Security Engineering Manager is primarily responsible for managing and controlling a process for threat-based penetration testing and application validation. You will be working with the Information Security team to execute a process to continually identify vulnerabilities in the existing application and infrastructure landscape. You will provide threat intelligence and work with the teams to enhance existing security protocols and perform additional penetration testing as needed.
This position will also require you to analyze and gather data from the penetration testing and provide guidance from your analysis in order to improve and alleviate any risk noted for the specific application and/or system. Your reporting and testing methodology will provide indicators and recommendations that will be used to gauge the vulnerabilities and also provide solutions to mitigate and resolve issues.
Responsibilities
• Work closely with application, network and infrastructure teams when performing tests against new or existing systems.
• Use manual techniques to exploit identified vulnerabilities like cross-site scripting, SQL injections, session hijacking and buffer overflows to obtain controlled access to target systems.
• Validate vulnerability assessment results where appropriate, prioritize the remediation requirements and work with network, infrastructure and desktop teams to address security problems.
• Perform exploit analysis for identified vulnerabilities manually, with custom scripts or use tools such as Metasploit.
• Work closely with the application development teams, technology teams and the other members of the Information Security team to identify and remediate security issues as part of Incident Response.
• Be a part of the SDLC process for testing of new application systems/infrastructure.
• Participate in multiple organizational areas such as security architecture and design, service delivery, training and client communication.
• Configure and educate on the use of vulnerability assessment scanners (e.g., Qualys, Nessus, Nmap, Metasploit, Snort, Nexpose, etc.).
• Create, maintain and report metrics that measure effectiveness of various security controls.
• Develop and maintain a formal reporting process highlighting results, conclusions, and recommendations which can be viewed by peers and senior management.
• The ability to articulate risks and findings to management.
Qualifications
Education and/or Experience:
• Minimum of (5) years of network penetration and application security experience is preferred.
• Bachelor’s degree, preferably in Computer Science or related course of study.
• Preferred certifications: SANS training, GIAC or Offensive Security or similar certification.
• Experience in Information Security, particularly in vulnerability assessments, penetration testing, security architecture reviews, web application security reviews, and wireless security assessments.
• Experience in attack and penetration testing of internet infrastructure and web-based applications.
• Manual testing experience in addition to the use of automated tools is a plus.
• Experience in assisting and performing application source code security reviews is desired.
• Ability to review and understand programming languages such as Java, Node.js, PHP, Python, Ruby, and .NET is a plus.
• Knowledge and understanding of OSI model, HTTP, TCP/IP, SSL, SSO and other web technologies.
• Solid experience in network security (firewall, IDS & IPS) evasion techniques.
Decision/Problem Solving Skills:
• Strong analytical skills.
• Adept at learning new technologies.
• Ability to handle simultaneous projects, prioritize tasks and meet deadlines.
• Strong written and verbal communication skills and the ability to interact well with different levels within the organization.
• Ability to work well in a collaborative, team-oriented environment.
• Excellent organizational skills and attention to detail.