The Penetration/Security Test Engineer will analyze our software architecture and implementations from an information security perspective (confidentiality, integrity and availability) and identify security issues. You will work closely with the development team to resolve these issues. You will perform threat modeling and analysis, defenses and countermeasures at each phase of the software development lifecycle, resulting in robust, reliable and secure software.
Handling Security Issues (50%)
Scan the product for OWASP Top 10 vulnerabilities and suggest remediations.
Analyze scanned results and triage vulnerabilities
Conduct manual code reviews and provide vulnerability analysis
Analyze the impact of vulnerabilities on end users.
Troubleshoot and debug issues that arise
Contribute to all levels of the architecture
Maintain technical documentation
Consult team members on secure coding practices
Develop a familiarity with new tools and best practices
Security testing Framework and processes (50%)
Design, develop, and maintain security testing framework, tools and scripts
Document and track the security issues resulting from the tests
Analyze root causes of security issues and provide corrective actions
Document all relevant design documentation for security testing purposes
Conduct system performance testing to ensure system reliability, capacity and scalability.
Evaluate and make recommendations for future improvements to the existing security tools and associated processes.
Degree in Computer Engineering, Computer Science or equivalent experience
4-7 years of hands-on experience in security testing of web applications
Strong proficiency in application threat modeling and analysis
Demonstrated experience with web application vulnerability scanner platforms/applications like AppScan, Acunetix, AppSpider / InsightAppSec, edgescan, ImmuniWeb, Netsparker, Qualys Web Application Scanning, WebInspect
Strong critical thinking and analytical skills
Broad knowledge across multiple domains including web applications, database technologies, server applications, storage applications, test/QA engineering, deployment operations
Ability to identify and prioritize risks to the business appropriately
Extensive knowledge of major security protocols including PKI, SAML, OAuth, TLS, IPSec, VPN
Extensive knowledge of security toolsets including key management systems, firewalls, multi-factor authentication, intrusion detection systems
Solid experience in planning, developing and executing penetration tests, analyzing the results and writing reports for management
Strong debugging skills in diagnosing test script failures
Working experience with repository/build tools for Continuous Integration
Exposure to AWS cloud services
Over 1,000 of the world’s largest organizations depend on Resolver’s cloud software product to protect their employees, customers, supply chain, brand and shareholders. We offer a Silicon Valley approach with the stability of a multi-national company.
We have smart, talented and curious people you'll work with and learn from. As a Product company, you'll be hands-on with our global teams and top-tier leadership in Canada, the US, UK and New Zealand.
- Professional development: we have an external learning budget to help you grow and develop. We also have great online learning and workshops internally for you to tap in to.
- Impact: we solve complex challenges for some of the world's most recognized organizations. Our customers use our software to help reduce the frequency and severity of negative events to protect people, product and organizational success. What we do matters.
- Vacation: It’s important for you to have time off to re-charge your battery and be with your family and friends. Paid time and sick/casual accrual are 15 days and 12 days per year respectively.
- Parental leave: we support new mothers with 100% top-up; maternity leave is up to 26 weeks, and new fathers receive 10 days of Welcome Leave.
- Great benefits: 100% paid by us for health, accident and life; medical privileges include dental and outpatient too. We also offer a wellness/fitness reimbursement that can go towards things like gym memberships, yoga classes, soccer membership fees or a cycle.
- Office perks: our environment is flexible, with great snacks and chai. We love our newly renovated office and table tennis. We do socials and events for people to come together.
- See us here: https://www.youtube.com/watch?v=SauuLddcc3M&feature=youtu.be
Are you ready to make an impact?