Senior Information Security Specialist

About the Job

• Ensure the confidentiality, integrity and availability of the data residing on or transmitted to/from/through enterprise workstations, servers and other systems and in databases and other data repositories.
• Ensure the enforcement of enterprise security documents.
• Comply with all legal and regulatory requirements pertaining to data security and privacy.
• Conduct Web application security testing.
• Conduct API security testing.
• Conduct Mobile Application security testing on iOS and Android platforms.
• Conduct security assessments on a wide variety of technologies and implementations.
• Simulate sophisticated cyberattacks to identify vulnerabilities for clients worldwide.

Job Requirements

• Bachelor degree of computer science or equivalent.
• 5 years’ experience in information security with a focus on web application security testing / penetration testing experience.
• Experience with API testing and Mobile Application testing.
• Familiarity with XML, SOAP, JSON, GoogleAndroid and AJAX.
• Hands-on experience with two or more scripting languages such as Python, Powershell, bash, or Ruby.
• Familiarity with Security Assessment tools/ penetration testing tools and tool suites such as Burp Suite Pro, Acunetix, NetSparker, Kali Linux, Fortify WebInspect etc.
• An aptitude for technical writing, including assessment reports, presentations and operating procedures.
• Strong understanding of security principles, policies and industry best practices.

Bonus Points:

• Database administration, device configuration hardening and compliance.
• Experience with common web frameworks, for example, jQuery, Bootstrap, Django, etc.
• Experience with common development languages, for example, ASP.net, Java, , JavaScript, etc.
• Familiarity with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), and National Institute of Standards and Technology (NIST) Special Publications.
• Working knowledge of defensive security techniques and technologies.
• OSCP/E, GWAPT, GPEN, or GXPN certification(s) is a plus.