Application Security Engineer - Penetration Testing
Hungry. Humble. Honest.
Our values form the foundation of who we are and how we operate every day around the world. They show up in our ambition to achieve our dreams, our courage to do what matters, and our tenacity to keep customers happy. At Nutanix, we prize those unique individuals who demonstrate empathy, respect differences, and appreciate others. If you’re authentic, credible and transparent—someone who walks your talk and thrives on collaboration—we want you to join our team!
Be a part of building a company that is truly leading an IT revolution. We make infrastructure invisible, elevating IT to focus on the applications and services that power their business. Led by Dheeraj Pandey, one of CRN’s “Top 25 Innovators of 2016,” Nutanix welcomes big thinkers and budding entrepreneurs, those who are unafraid to take on seemingly impossible challenges and interested in learning how to build a business along the way.
Nutanix employees enjoy some amazing benefits and perks: healthcare, plenty of snacks, employee (and family) events, world renowned speakers, training and development, and much more. See what life is like at Nutanix by following us on Twitter: @NutanixCareers and Instagram: @Nutanix
The ideal candidate will:
- Have a strong working, hands-on knowledge of application security and secure development lifecycle (SDL)
- Have experience with penetration testing, related tools and techniques. Manual testing must be an area of expertise, not simply automated “scanning.”
- Work with product teams to coordinate penetration testing, including verification of environments and accounts and negotiation of additional access when necessary
- Have experience integrating static code analysis and into penetration tests
- Have experience evaluating cloud environment configurations, such as bucket policies, IAM policies, security groups and ACLs, for security vulnerabilities and integrating these findings into the pen test
- Have interest in expanding skills to include newer technology areas, such as Kubernetes, with an eye to security weaknesses
- Have understanding of application development and build practices
- Have strong communication skills such that defects found during penetration tests can be communicated effectively to development teams
- Run ad-hoc burp security scans of web applications and APIs that present complex authentication scenarios.
- BS degree or 3+ years of information security and/or application security experience.
- Seasoned experience with modern web applications frameworks and their security requirements
- Strong proficiency with tools like Burp Suite Professional, nmap, zap, sqlmap, dirbuster, Kali Linux generally, and other penetration testing tools
- Working knowledge of Rest API testing and related tools, including Postman
- Working knowledge of json, xml, http headers and related rest api authentication / authorization approaches
- Knowledge of top security flaws and resolutions as listed by OWASP and SANS
- Knowledge of Web Application Firewalls, SSL/TLS, Forward and reverse proxies.
- Ability to write scripts in bash, python, ruby, java and similar modern programming languages
- Working knowledge of at least one cloud computing platform, such as AWS or Azure
- Ability to collaborate with technical and vendor personnel, cloud service providers
Nutanix is an equal opportunity employer.
The Equal Employment Opportunity Policy is to provide fair and equal employment opportunity for all associates and job applicants regardless of race, color, religion, national origin, gender, sexual orientation, age, marital status, or disability. Nutanix hires and promotes individuals solely on the basis of their qualifications for the job to be filled.
Nutanix believes that associates should be provided with a working environment that enables each associate to be productive and to work to the best of his or her ability. We do not condone or tolerate an atmosphere of intimidation or harassment based on race, color, religion, national origin, gender, sexual orientation, age, marital status or disability.
We expect and require the cooperation of all associates in maintaining a discrimination and harassment-free atmosphere.