Senior Penetration Test Engineer
What will you be doing?
As a Pen Test Engineer you will join our highly skilled Product Engineering team and will have the opportunity to work and learn in a collaborative, agile environment while contributing to the evolving Security/Penetration test practices necessary to adapt to new challenges presented by a rapidly expanding business.
The role involves undertaking Application Penetration Testing on AWS Cloud platforms and on-premise environments whilst proactively identifying vulnerabilities in the firm's applications including recommended remediations.
You will work closely and collaborate with Testers and Developers and other cross functional teams (e.g. Cloud Operations, Product Teams, Product Owners) to ensure the successful delivery of secure solutions.
What do we need?
FINEOS are looking for a Senior Pen Test Engineer who demonstrates a keen passion for discovering and researching new vulnerabilities and exploitation techniques, has the ability to improvise and try various methods until successful in an assigned task, and has knowledge of existing and emerging Information Security technologies.
As part of this position we will be looking for excellent communication skills.
Why work in this team?
The role provides you the opportunity to further develop your Pen testing skills, whilst helping us build out Pen Test expertise within the Product Engineering Test Team, making key contributions to security guidelines for common security issues, remediation guidance and security technology baselines.
As the successful candidate, you will be given training on the latest software industry practices as well as test automation development. You will get exposure to and experience of working with cloud technologies. As part of an expanding company and Agile development organisation there will be significant opportunities to further your career.
- Perform Web Application penetration testing (ethical hacking) and vulnerability scanning.
- Participate in Security Assessments of applications and systems.
- Log and report issues, including risk profile and root cause analysis, and propose enhanced security protections to prevent similar instances recurring.
- Draft Pen Test Reports including conclusions/recommendations.
- Security research on current best practices, trends, threats/vulnerabilities.
- Document and disseminate security guidelines for common security issues, remediation guidance and security technology baselines.
- Automation of test cases based on best practice guidelines and FINEOS standards using Java Selenium WebDriver/Framework.
- Develop tools and exploits to support application penetration testing.
- Participate in the development and implementation of Security Policies and Procedures.
- Participate within the wider Test Community of Practice.
- Be the Security Champion and proactively participate in expanding internal Security/Pen Test knowledge and expertise across the Test arena.
- Provide mentoring and guidance to team members.
- Liaise with Clients and 3rd Party Security/Pen Test Providers.
- Liaise with Cloud Operations, Scrum Teams, Product Owners, System Support teams to ensure successful delivery of secure Cloud solutions.
- Coordinate, plan and complete Security/Pen Test tasks and activities.
- Degree in Computer Science or equivalent.
- Industry certification (e.g. OSCP, OSCE, OSWE, CISSP or SANS certifications).
- Minimum of 3 to 5 years of experience in the areas of Web application and perimeter penetration/security testing and vulnerability assessments.
- Knowledge of penetration testing and vulnerability assessment tools such as OWASP Tools (e.g. ZAP, WebScarab, SQLix, CAL9000), Kali Linux Penetration Tools (e.g. Burp Suite, Arachni, Sqlmap, Vega), Nmap, W3af, Wireshark, Acunetix.
- OWASP Top 10 knowledge.
- Middleware knowledge (Tomcat, JBoss, WebSphere, WebLogic).
- Knowledge of Information Security principles, protocols and best practice standards.
- Passion for discovering and researching new vulnerabilities and exploitation techniques.
- Knowledge of existing and emerging Information Security technologies.
- Ability to improvise and try various methods until successful in an assigned task.
- Experience of defining/contributing to Security Policies/Procedures and Security Test requirements and strategies.
- Knowledge of Web Services technologies such as XML, JSON, SOAP, REST and AJAX.
- Good understanding of SQL, XSS, CSRF, XXE, and other trends in web exploitation.
- Experience of scripting/programming languages (e.g. Java, JavaScript).
- Test Automation – good Selenium WebDriver experience.
- Experience of Test tools like SoapUI, JUnit.
- Excellent written and verbal communication skills with experience of liaising with Clients.
- Ability to multitask, troubleshoot, use own initiative and work to tight deadlines.
- Flexibility and willingness to travel to client sites – if required.