Gssr - Washington, DC

posted 4 months ago

Full-time
Washington, DC
Professional, Scientific, and Technical Services

About the position

The Penetration Tester will play a critical role in ensuring the security of the organization's applications and databases. This position involves managing and modifying the security scan profiles to align with the company's baseline standards. The successful candidate will conduct thorough security analyses across various layers of the systems, including application and database layers. This will be achieved through a combination of manual testing and automated vulnerability assessments using a range of tools, such as IBM AppScan and Guardium Database Scanner.

In addition to performing application security testing on both native and web-based mobile applications across different platforms, particularly iOS, the Penetration Tester will review the security architecture of Fund systems. This includes creating security test plans that are informed by existing and planned controls and recommendations. The role requires collaboration with the application development community to address vulnerabilities identified in scanner reports, employing a risk-based approach to remediation. The Penetration Tester will also work closely with Database Administrators (DBAs) and application development teams to discuss vulnerabilities and recommend remediation activities. Maintaining detailed documentation of test procedures and findings in the Vulnerability Management System is essential. The role involves performing manual vulnerability assessments and penetration testing of applications, producing comprehensive reports, and guiding development teams through identified issues.

Continuous monitoring of published vulnerabilities across various application, operating system, and database layers is a key responsibility, as is analyzing the impact of these vulnerabilities on the Fund's environment. The Penetration Tester will publish advisories to stakeholders based on the analysis and determine patching priorities for publicly disclosed vulnerabilities, ensuring timely notifications to relevant parties.

Responsibilities

  • Manage, modify, and tune the application and database security scan profiles according to the company's baseline standards.
  • Perform security analysis of the different layers of the systems (application and database layers) through manual testing and automated vulnerability assessment scans using various web, application, operating system, and database vulnerability scanners (IBM AppScan and Guardium Database Scanner).
  • Perform application security testing on both native and web-based mobile applications on different mobile platforms (iOS).
  • Review the security architecture of Fund systems and create security test plans based on existing and planned controls and recommendations.
  • Review scanner reports and work with the application development community to remediate issues following a risk-based approach.
  • Work with DBA and application development teams to discuss vulnerabilities, recommending and monitoring remediation activities.
  • Maintain detailed documentation of test procedures and findings in the Vulnerability Management System.
  • Perform manual vulnerability assessment and penetration testing of applications, produce reports, and walk development teams through the issues found.
  • Continuously monitor published vulnerabilities across the application, operating system, and database layers.
  • Analyze the impact of those vulnerabilities on the Fund's environment and publish advisories to the relevant stakeholders in the Fund accordingly.
  • Based on publicly disclosed vulnerabilities, determine the patching priority and notify the stakeholders.

Requirements

  • Experience with application and database security scanning tools, specifically IBM AppScan and Guardium Database Scanner.
  • Strong understanding of security analysis techniques for application and database layers.
  • Proficiency in manual testing and automated vulnerability assessment.
  • Experience in application security testing for both native and web-based mobile applications, particularly on iOS.
  • Ability to create security test plans based on security architecture reviews.
  • Experience in collaborating with development teams to remediate vulnerabilities.
  • Strong documentation skills for maintaining test procedures and findings.

Nice-to-haves

  • Familiarity with various web, application, operating system, and database vulnerability scanners.
  • Knowledge of risk-based approaches to vulnerability remediation.
  • Experience in publishing advisories and communicating with stakeholders regarding vulnerabilities.
© 2024 Teal Labs, Inc