Currently, Experian is seeking a motivated Application Penetration Tester to join our team in Allen, TX. This role is for an Expert Application Penetration Tester who is a self-starter, has good communication and organization skills, and is able to mentor and lead junior team members.
This is a growing team, with senior leadership's support and visibility. This role is involved in projects or issues of high complexity that require an individual who can quickly think on their feet, challenge the status quo, and rapidly move from ideation to delivery.
- Communicate and coordinate with application teams in multiple countries and evaluate the security of applications.
- Evolve the delivery model for the Application penetration testing service, including process optimization, periodic tool evaluation, testing methodologies, rollout of best practices, etc.
- Mentor and lead junior application penetration testers by providing direction, coordination, planning, training and coaching.
- Develop and maintain KPIs to help measure and improve the Penetration Testing Service.
- Ensure effective knowledge management of findings and review results of penetration testing in order to determine severity of findings and identify potential remediation or mitigation strategies.
- Monitors and reports progress, problems and solutions in a timely manner. Follows through to ensure dollars and time estimates are realized within planned limits.
- Effectively communicates to management and business sponsors the status of projects and issues as they relate to the testing process.
- Provides clear, consistent, regular communication with all project stakeholders at all levels, including presentations to senior management, creating agendas and meeting minutes.
- In-depth research of the latest adversarial tactics, techniques and procedures (TTPs) and technologies to remain at the bleeding edge.
- Create and support KPIs and KRIs that measure risk reduction and progress over time.
Knowledge, Experience & Qualifications
- Bachelor’s degree in related field (Business, Information Services, IT, Information Security, etc.); Master’s preferred.
- 8 years of hands-on Application Penetration testing experience.
- A self-starter with strong organizational skills, including the ability to deliver with minimal supervision, and experienced in working in an onsite-offshore model.
- Expert knowledge and hands-on experience of penetration tools such as Kali Linux, Burp Suite, Nessus, Metasploit, etc.
- Expert knowledge of existing and emerging threats, web security principles and attack vectors.
- Ability to author detailed and articulate penetration test reports, including prescriptive recommendations for remediation options.
- Extensive knowledge of information and technology security management technologies, methods, standards, and processes as well as knowledge of compliance, legal, internal/external audit and regulatory requirements.
- Strong expertise with Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), and National Institute of Standards and Technology (NIST) Special Publications.
- Strong expertise in the collaboration, facilitation and coordination with the business units for the mitigation of risks.
- Strong understanding of Application Design, DevOps, TCP/IP fundamentals, network protocols, system administration and network architectures.
- Experience and exposure to large organizational implementations of vulnerability management programs, with specific emphasis on application security, metrics development and reporting.
- Experience with programming in at least one of the following: Perl, Python, Ruby, Bash, C or C++, C#, or Java, including scripting and editing existing code.
- Knowledge of Web Frameworks such as Spring, Struts, Hibernate, ASP, JSP, etc. and APIs (JSON/REST/SOAP).
- Understanding of APIs (JSON/REST/SOAP).
- An aptitude for technical writing, including assessment reports, presentations and operating procedures.
- Strong problem solving and project execution skills. Ability to handle changing priorities and drive difficult decisions.
- Ability to solve very complex security issues that span multiple components in an Application infrastructure.
- Ability to lead and motivate the team to achieve tactical and strategic goals.
- Knowledge of common information security management frameworks, including but not limited to: ISO 27001/27002, ITIL, COBIT and NIST is desired.
- Professional security management certification, such as a CISSP, CISM, CEH, OSCP/E, GWAPT, GPEN, or GXPN certification(s) or other similar credentials, is desired.
Job Number: 17746