back Back to Jobs

Security Test Engineer (Product Security)



Location: Austin, TX
Job # 11364083
Date Posted: 09-12-2018
Security Test Engineer
Austin, TX 73301

Resumes to: recruiter@romackinc.com

Our client is currently experiencing incredible growth in order to meet the security needs of the world’s largest technology company. With team members located in over 15 countries, you will have an excellent opportunity to influence the security culture at the client and further develop your career. 

Worldwide provider of information technology services and business solutions to a broad range of clients. We seek men and women who share our values, thrive in a team environment, and recognize the importance of accountability; people who strive to exceed expectations to ensure our Clients' success.

Key Responsibilities
  • Lead the security testing strategy in the organization
  • Lead security testing education strategy to teach other engineers at client how to find and address security issues in products
  • Research and deploy the cutting edge testing tools that help advance security testing
  • Lead security testing engagements with product teams and mentor engineers on security testing  methodologies and techniques
  • Write custom tools that can help product teams in doing efficient security testing
  • Work with developers and testing/quality engineers to provide solutions for discovered security issues and provide product teams with scripts and tools used to produce the issues
  • Find the 0-days in products before anyone else does
  • Document and share with the product teams which issues are discovered including the steps to reproduce and mitigate them
  • Document generic test cases for publication in the organization knowledgebase
  • Collaborate and contribute to security testing community across the company to share best practices
  • Write white papers on different testing topics and present in conferences

Essential Requirements
  • Bachelor’s Degree in Computer Science or related field
  • 12+ years of related experience
  • Hands-on experience in dynamic analysis, container testing, fuzzing, OWASP top 10, SANS/CWE top 25 and vulnerability scanning
  • Experience in understanding and leveraging reports from scanners such as IBM Appscan, Nessus, Qualys, Twistlock
  • Proven experience in discovering authentication and authorization bypass defects
  • Experience in finding 0-days and writing exploit
  • Experience in extending the tools like ZAP, BURP…
  • Be able to think like an attacker and make sure that the clients products are ready to stand up to current and future attacks
  • Subject Matter Expert on software vulnerability types and exploitation
  • Knowledge of how to test code and applications across various platforms (Linux, Windows, etc.) for security issues
  • Knowledge of at least one programming or scripting language such as Python, Java, C, Ruby etc.
  • Strong understanding of the network stack including ports and protocols
  • Experience performing application black-box and white-box penetration testing preferred
  • Certifications such as CEH, CISSP, Security+ a bonus
  • Good presentation & documentation skills
this job portal is powered by CATS