San Antonio, TX
Industry: Professional, Scientific & Technical Services
Less than 5 years
Posted 164 days ago
Overview & Responsibilities
We are looking for a Mid-Level Security Developer in Test to join our Security Engineering team in San Antonio, Texas! This new team member will have the opportunity to work with the best and the brightest developers and teams across Rackspace!
Do you enjoy working in a fast-paced environment where your feedback and expertise on security are taken seriously? Do you get excited when given the opportunity to conduct security testing? Do you like working with diverse teams with different technical backgrounds? If this sounds like you, then read on!
You will be on the front lines working with Cloud developers as new technology is being developed and deployed. As part of the Cloud team, you will be testing applications throughout the lifecycle, looking for vulnerabilities in the application and infrastructure. Additionally, you will get the opportunity to provide ‘real-world’ mitigation efforts by working closely with the development and QE teams.
Writes security test scripts to determine the security posture of a given product including all integration and dependencies.
Conduct security testing for product applications developed by Rackspace including microservices and all web applications.
Participates in manual and automated security code reviews.
Collaborates with other quality and development engineers to build, evolve and maintain a scalable continuous build and deployment pipeline.
Develop automated security tools to improve test process.
Develop and/or recommend appropriate mitigation countermeasures in development, operational, and nonoperational situations.
Knowledge of web protocols, networking and systems.
Must possess the ability to understand new concepts quickly and apply them accurately through an evolving, dynamic environment.
Development experience with one of the following languages: Python, Java, Go or Ruby.
Understanding of XML, XSD, JSON, WSDL and SOAP.
Understanding of the Agile development process (Scrum, XP, Kanban, etc.) from the test design, test automation and execution perspective.
Knowledge of Security/QA Processes and Methodologies.
Familiarity with Continuous Integration and Delivery (CI/CD) concepts.
Strong problem-solving and analytical skills.
Strong working knowledge of software development, web development, API development, web/API security testing, and host-based vulnerability assessments.
Demonstrated knowledge of OWASP security concepts and discovering vulnerabilities such as XSS, XSRF, SQL Injection, Cookie Manipulation.
Ability to perform security source code reviews and communicate analysis to technical and non-technical teams.
Knowledge of encryption standards and protocols.
Knowledge of authentication methodologies and protocols.
Database knowledge in MySQL or Oracle.
Knowledge of methods for evaluating, implementing, and disseminating security tools and procedures.
Knowledge of network security architecture, including the application of Defense-In-Depth principles.
Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
Assesses and evaluates application architectures.
Develops and implements security test solutions into a CI/CD process.
Verifies that application security posture is implemented as stated, documents deviations, and determines required actions to correct those deviations.
Consults with developers to gather and evaluate security requirements and translates these requirements into technical solutions.
Incorporates security solutions into application designs.
Performs threat and vulnerability analysis during application or system design or major infrastructure design change.
Plans and conducts security vulnerability reviews for applications.
Operates under general supervision.
Bachelor’s degree in Computer Science or a technology related field required.
3 years of experience in security testing, software development, or test automation.
An understanding of test design, test automation, and execution perspective.