Ethical Hacker - Financial Services
Job Details
Full Job Description
KP Recruiting Group is a consulting firm that provides leadership and exceptional talent to some of the world’s leading companies. Headquartered in the Midwest, KP Recruiting Group has successfully completed countless engagements in the United States, Europe and Latin America. We represent clients in all industries and all sizes. Our mission is to provide exceptional client and candidate experiences in order to get the best possible results. On behalf of our client, we are excited to present the following confidential role. We look forward to hearing from you and discussing the opportunity!
The Role:
The Ethical Hacker will join a dynamic team of world-class security experts to conduct application security/penetration tests of our internal/external web, mobile, and web service applications, and to evaluate assessments performed by third-party vendors, leveraging both manual techniques and automated tools in order to uncover and report security vulnerabilities that exist.
You will be knowledgeable about the business risks associated with common security vulnerabilities and be able to effectively communicate security vulnerabilities to application developers and/or senior managers who may have little to no experience with application security vulnerabilities.
The ability to work independently in a very large-scale enterprise setting is a great skill to possess. Previous experience as an application security professional with a large Financial Institution is a plus.
Requirements
- BS/MS in Computer Science (or relevant work experience in a large-scale IT environment)
- Experience conducting vulnerability assessments, code reviews and penetration tests against web/mobile application technologies, services, platforms and languages to find flaws and exploits (e.g. SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, Clickjacking, Authentication/Authorization, Privilege Escalation, Business Logic Bypass, OWASP Top 10, SANS Top 25, etc.)
- Knowledge of network and Web-related protocols/technologies
- Ability to demonstrate manual web application testing experience
- Experience with web application vulnerability scanning tools (e.g. IBM AppScan, HP Webinspect, Acunetix, NTO Spider, Burpsuite Pro, etc.)
- Experience with vulnerability assessment tools and penetration testing techniques (e.g. web application proxies, packet capture analysis software, browser extensions, advanced penetration testing Linux distributions, static source code analyzers, SoapUI, etc.)
- Experience with penetration testing on mobile platforms such as iOS, Android, Windows and RIM
- Solid programming/debugging skills with proficiency in one or more of the following: Java, JavaScript, HTML, XML, PHP, ASP.NET, AJAX, JSON, Objective-C
- Expert-level experience and very detailed technical knowledge in at least 3 of the following areas: general information security; security engineering; application architecture; authentication and security protocols; application session management; applied cryptography; common communication protocols; mobile frameworks; single sign-on technologies; exploit automation platforms; RESTful web services
- Demonstrated ability to learn and apply critical thinking to a variety of situations
- One or more of the following certifications: CISSP, GWAPT, CEH, OSCP (or qualified work experience)
- Strong scripting skills (e.g. Python, Perl, Shell script, JavaScript)
- Experience as a developer
- Mobile programming abilities such as Xcode, Objective-C
- Knowledge of a Structured Query Language
Benefits
Our client offers a comprehensive benefits package including:
401k Matching
Family and Individual Insurance Packages (Health, Life, Dental, and Vision)
Paid Time Off & Paid Holidays
Long & Short-Term Disability
Identity Theft Plans
Retirement & Pension Plans
Employee Assistance Program
Employee Referral Program
Tuition Reimbursement Programs
Advancement & Professional Growth opportunities
Parental Leave
& More