Application Security Testing Expert
We are seeking an expert Application Security Testing Engineer who will conduct application and related infrastructure security testing, security risk assessments, and operational execution against our existing security programs. The engineer will provide leadership to product development teams to ensure the confidentiality, integrity and availability of client and corporate assets, and will work closely with various internal stakeholders to provide security guidance and improve the overall security posture to meet the expanding and changing business needs of the organization.
The successful candidate will provide leadership and support to expand Imperva's Red, Blue, and Purple Teams. The successful candidate will have verifiable experience in leading advanced exploitation operations against a large global enterprise, including Red and Purple Team operations. This role will manage the Adversary Emulation program by emulating cyber and criminal threat actors targeting Imperva.
The candidate will conduct Intelligence-led Red Team Testing and Penetration Testing targeting people, process, and technology. The candidate may also conduct regulatory-driven Red Team Testing and interface with regulators and global clients. Establishing meaningful partnerships with relevant stakeholders across Imperva to build and maintain a comprehensive model of applicable, feasible threats and risks to the business will be another key function for this role.
Pre-requisites for this position in addition to relevant education and work experience:
• Familiarity with MITRE's ATT&CK Framework
• Leading or conducting Adversary Emulations
• Familiarity with industry Adversary Emulation Frameworks like CBEST, iCAST, GFMA
• Leading or conducting Purple Team Testing
• Participation in Cyber Tiger Team operations
• Conducting Vulnerability Assessments and Penetration Testing (application and/or infrastructure) and articulating security issues to technical and non-technical audiences
• Identifying, researching, validating, and exploiting various known and unknown security vulnerabilities on the server and client side
• Reporting information security vulnerabilities to businesses and senior management
• Providing support in remediation efforts
• Red Team testing tools, e.g. Cobalt Strike, Red Team Toolkit
• Vulnerability Assessment tools, e.g. Nessus, Qualys, etc.
• Exploitation frameworks, e.g. Metasploit, CANVAS, Core Impact
• Social Engineering campaigns, e.g. email phishing, phone calls, SET
• Deep understanding of OSI model
• Security devices, i.e. Firewalls, VPN, AAA systems
• OS Security, e.g. Unix/Linux, Windows, Cisco
• Understanding of common protocols, e.g. LDAP, SMTP, DNS, Routing Protocols
• Web application infrastructure, e.g. Application Servers, Web Servers, Databases
• Web development and programming languages, e.g. Python, Perl, Ruby, Java, .Net
Industry-accredited security certifications will be required (the candidate must have or be willing to obtain all of the following certifications: GIAC GXPN, GPEN, GCIH, CISSP, and OSCP). Knowledge of tools and processes used to expose known and undocumented vulnerabilities in various systems.
Imperva is an analyst-recognized, cybersecurity leader—championing the fight to secure data and applications wherever they reside. Once deployed, our solutions proactively identify, evaluate, and eliminate current and emerging threats, so you never have to choose between innovating for your customers and protecting what matters most. Imperva—Protect the pulse of your business.