Senior Security Test Engineer : Pleasanton, CA
9/24/2016 7:20:38 AM
Technical and Demonstrable Skills:
The Consultant resource(s) shall possess most of the following skills:
Ability to move from black box to gray box to white box tests depending on client needs.
Ability to perform vulnerability assessments and penetration testing, utilizing commercial and open source tools.
Perform, review and analyze security vulnerability data to identify applicability and false positives.
Conduct penetration testing in line with the Open Web Application Security Project (OWASP)
Assist and support Security Test Analysts as they perform vulnerability, network and network security assessments.
May require the performance of other essential functions depending upon work location or assignment.
Some knowledge of DevOps and SIEM tools (e.g., Chef, Splunk and Vagrant)
Experience with scripting languages (e.g., Python, Perl, SQL) a plus
Ability to perform the tasks below:
Dynamic Application Security Testing (DAST)
Static Application Security Testing (SAST)
Interactive Application Security Testing (IAST)
Web Application Penetration Testing
Product Security Testing
Cloud Application Security Testing
Web Services Security Testing
Security Code Review
Network Security Assessment
Security Testing Tools: IBM AppScan, Burp Suite, Tamper Data, Live HTTP Headers, HP Fortify, Veracode, OWASP Top 10, N-Stealth, Hailstorm, Paros, SANS Top 20, Acunetix, Nessus
The Consultant resource(s) shall be knowledgeable in most of the following areas:
Knowledge and understanding of basic information security principles (e.g., OWASP Top Ten)
Knowledge of security best practice guidelines (ISO 17799, NIST, etc.)
Relevant professional experience including working knowledge of the
CISSP, CISM, CISA, CEH, CEPT, GIAC or other IS certifications a plus