Application Penetration testers /Dynamic Application Security Testing (DAST)
pplication Penetration testers /Dynamic Application Security Testing (DAST)
San Francisco CA or New York City, NY or Charlotte NC or Irving TX or Chandler AZ or Minneapolis MN (Hybrid 3-5 days onsite)
12+ Months
Web cam Interview
$55-$60/Hr on W2
NOT:
ā¢ Manager mentioned he has read many resumes the past 2 weeks However many of the candidates submitted were not true application penetration testers.
ā¢ He saw many who would classify as a QA analyst by their job classification.
ā¢ He saw many others where they worked with third parties who did pen tests, but they never did tests themselves.
ā¢ He is also seeing a lot of people who run vulnerability scans, however this is not Dynamic Application Security Testing (DAST).
Description:
ā¢ In this contingent resource assignment, you may: Consult on or participate in moderately complex initiatives and deliverables within Information Security Engineering and contribute to large-scale planning related to Information Security Engineering deliverables.
ā¢ Review and analyze moderately complex Information Security Engineering challenges that require an in-depth evaluation of variable factors.
ā¢ Contribute to the resolution of moderately complex issues and consult with others to meet Information Security Engineering deliverables while leveraging solid understanding of the function policies procedures and compliance requirements.
ā¢ Collaborate with client personnel in Information Security Engineering.
Required Qualifications:
ā¢ 4 years of Information Security Engineering experience or equivalent demonstrated through one or a combination of the following: work or consulting experience training military experience education.
Skills:
The Senior Information Security Engineer will:
ā¢ Conduct Dynamic Application Security Testing (DAST) through manual testing and by using automated testing tools
ā¢ Review test results from tools
ā¢ Ensure that DAST tests are completed successfully
ā¢ Identify and remove any false positives from automated testing tool reports
ā¢ Triage & Disposition results and enforce a Bug Bar
ā¢ Verify/validate defect fixes
ā¢ Provide application security consulting SME Support to developers
ā¢ ssist developers with understanding of security defects and risk
ā¢ ssist in defining acceptable solution to fix defects
ā¢ Stay up to speed on 3rd party (inside and outside Wells Fargo) known security vulnerabilities
ā¢ Develop and review malicious use cases/threat models
ā¢ Maintain a broad understanding of security technologies and products
Requirements:
ā¢ 5 years of information security applications and systems experience
ā¢ 3 years of DAST Dynamic Application Security Testing experience
ā¢ 3 years of automated information security penetration tools experience
ā¢ Penetration testing certification such us GPEN GXPEN GWAPT or OSCP
Apply tot his job
Apply To this Job
San Francisco CA or New York City, NY or Charlotte NC or Irving TX or Chandler AZ or Minneapolis MN (Hybrid 3-5 days onsite)
12+ Months
Web cam Interview
$55-$60/Hr on W2
NOT:
ā¢ Manager mentioned he has read many resumes the past 2 weeks However many of the candidates submitted were not true application penetration testers.
ā¢ He saw many who would classify as a QA analyst by their job classification.
ā¢ He saw many others where they worked with third parties who did pen tests, but they never did tests themselves.
ā¢ He is also seeing a lot of people who run vulnerability scans, however this is not Dynamic Application Security Testing (DAST).
Description:
ā¢ In this contingent resource assignment, you may: Consult on or participate in moderately complex initiatives and deliverables within Information Security Engineering and contribute to large-scale planning related to Information Security Engineering deliverables.
ā¢ Review and analyze moderately complex Information Security Engineering challenges that require an in-depth evaluation of variable factors.
ā¢ Contribute to the resolution of moderately complex issues and consult with others to meet Information Security Engineering deliverables while leveraging solid understanding of the function policies procedures and compliance requirements.
ā¢ Collaborate with client personnel in Information Security Engineering.
Required Qualifications:
ā¢ 4 years of Information Security Engineering experience or equivalent demonstrated through one or a combination of the following: work or consulting experience training military experience education.
Skills:
The Senior Information Security Engineer will:
ā¢ Conduct Dynamic Application Security Testing (DAST) through manual testing and by using automated testing tools
ā¢ Review test results from tools
ā¢ Ensure that DAST tests are completed successfully
ā¢ Identify and remove any false positives from automated testing tool reports
ā¢ Triage & Disposition results and enforce a Bug Bar
ā¢ Verify/validate defect fixes
ā¢ Provide application security consulting SME Support to developers
ā¢ ssist developers with understanding of security defects and risk
ā¢ ssist in defining acceptable solution to fix defects
ā¢ Stay up to speed on 3rd party (inside and outside Wells Fargo) known security vulnerabilities
ā¢ Develop and review malicious use cases/threat models
ā¢ Maintain a broad understanding of security technologies and products
Requirements:
ā¢ 5 years of information security applications and systems experience
ā¢ 3 years of DAST Dynamic Application Security Testing experience
ā¢ 3 years of automated information security penetration tools experience
ā¢ Penetration testing certification such us GPEN GXPEN GWAPT or OSCP
Apply tot his job
Apply To this Job