Go behind the scenes in Spok's Eden Prairie, MN office by watching this video: Transforming an Industry. You'll learn about the solutions Spok develops, and why collaborating to build them means so much to our employees. You'll also get a feel for our company culture of collaboration, and the underlying beliefs, values, and people that make Spok a great place to work.
Spok is looking for a security testing engineer to join our growing team in "greenfield" development. We're looking for someone who has a passion for world-class software development, a deep understanding of offensive security techniques and information security practices, and knowledge across a wide range of technology stacks. This person will join us in caring about customers who trust Spok to protect and secure their data. In this position you will be a key member of the team in communicating potential targets, security weaknesses, exploits, and vulnerabilities to our business and technical teams using both technical and non-technical terms that the business understands.
You might be a good fit if you enjoy learning new things, thinking outside the box, and have an innate curiosity about how things work and how to solve problems.
Essential Duties and Responsibilities include the following. Other duties may be assigned.
- Define security testing approach and plan by working closely with architects and developers to ensure appropriate artifacts are built into test plans
- Test and verify software security in compliance with technical reference architecture
- Configure, run and monitor automated security testing tools
- Analyze security test results, draw conclusions from results and develop targeted testing as deemed necessary
- Troubleshoot and communicate issues that arise
- Perform security research, analysis, and testing via threat modeling, vulnerability assessment, source code analysis, penetration testing, and/or social engineering across different applications, platforms and systems
- Clearly outline and document risk impacts of test findings in reports
- Present findings to bring all stakeholders to a common understanding of the security issues, risks, their impact and the remediation plan
- Revise documents as tactics and techniques evolve to address new and emergent threats and trends
- Educate our product teams on security best practices
- Provide guidance on different areas of security technology, including: network security, platform security, authentication/authorization systems, application security, policy enforcement, and security frameworks
- Proactively protect the integrity, confidentiality, and availability of information processed by and/or in the custody of the organization
- Other duties may be assigned.
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Education and/or Experience:
Bachelor's degree (B.A. or B.S.) from a four-year college or university in Computer Science, Engineering, Information Technology or a related field required and 6+ years of related experience; or 4+ years' related experience and/or training with a Master's degree; or equivalent combination of education and experience. Master's degree preferred.
- 4+ years hands-on security testing or development experience
- Proven experience working with modern penetration testing tools and methods, such as Burp Suite or Metasploit
- Experience with Network, Application, Web, Mobile pen testing concepts
- Experience using scripting languages (Ruby, Perl, Python, PHP, etc.)
- Experience with AWS or Azure environments a plus
- Experience using C# or Golang a plus
- Must demonstrate passion for identifying and exploiting vulnerabilities
- Knowledge of open source security testing standards and projects, including OWASP
- Understanding of cloud computing models, technologies and concepts
- Industry savvy, and has an ability to work independently or as part of a dynamic collaborative team
- Prior experience with security audits/reviews, vulnerability assessment and risk assessment
- Excellent documentation and reporting skills
- Experience with Docker or other container technologies a plus
- Experience working in an agile environment a plus
- Clinical/Healthcare experience is a plus
- Recognized industry certifications in penetration testing preferred (e.g., CEH, GPEN, OSCP, CEPT or CISSP)