Sr. Penetration Tester

$110,000 - $135,000/Yr

Mitsubishi - Tampa, FL

posted 3 months ago

Full-time - Mid Level
Tampa, FL
10,001+ employees
Transportation Equipment Manufacturing

About the position

We are seeking a Sr. Penetration Tester with extensive experience in whitebox assessment to join our growing team at Mitsubishi UFJ Financial Group (MUFG). This role is critical within our Enterprise Information Security organization, specifically on the Penetration Testing team. The ideal candidate will have over 5 years of Cyber Security experience, particularly focused on whitebox penetration testing.

The successful candidate will be responsible for conducting assessments of applications and web APIs based on established security frameworks such as OWASP Top 10, SANS 25, and Mitre ATT&CK. They will also need to be proficient in reading complex code to identify exploitable vectors related to critical and high CVEs reported in major Java and .Net web frameworks. Additionally, the candidate should be capable of creating custom tools to assist in testing and process automation.

In this role, the selected colleague will perform whitebox assessments on an ongoing and project basis, creating or modifying tools to enhance vulnerability detection automation. They will communicate closely with application managers and lead developers across various business lines to ensure a clear understanding of security findings, associated risks, and necessary remediation actions. The candidate will take the lead in identifying and evaluating application security issues as they arise, coordinating with key stakeholders to ensure timely mitigation and remediation.

Continuous research on new exploitation and attack techniques relevant to the technology stacks used within the organization is also a key responsibility, along with maintaining familiarity with industry trends and security best practices. The candidate will contribute to the team's continuous improvement efforts, ensuring that security practices evolve alongside emerging threats.

Responsibilities

  • Perform whitebox assessment on an ongoing and project basis
  • Create custom tool(s) and/or modify existing tool(s) to aid the vulnerability detection automation process
  • Communicate and work closely with application managers and lead developers across business lines on security finding(s) to ensure their understanding of associated risks and actions needed to remediate those risks
  • Take the lead in identifying and evaluating application security issues as they arise and coordinating with key stakeholder(s) to ensure that issues are mitigated and/or remediated in a timely manner
  • Continually research new exploitation/attack techniques against technology stack(s) currently being used at the organization
  • Maintain familiarity with industry trends and security best practices
  • Contribute to the team's continuous improvement efforts

Requirements

  • Bachelor's Degree in Computer Science or related fields; applicable specialized training; or equivalent work experience
  • 5+ years of experience in software development AND white box assessment for application(s) written in Java, C#, or C/C++
  • Solid knowledge of exploitation development, binary reverse engineering and/or techniques to bypass Java/.Net sandbox
  • Solid understanding of secure software development life cycle (SSDLC), CI/CD pipelines and Waterfall/Agile methodologies
  • Solid understanding of common software security issues and remediation techniques (OWASP Top 10, SANS 25, Mitre ATT&CK, etc.)
  • 5+ years of experience in analyzing vulnerabilities and delivering clear and coherent written reports with proper mitigation recommendations
  • Understanding of one or more compliance frameworks: NIST, FFIEC, GLBA, SOX, PCI, etc.

Nice-to-haves

  • One or more of these certifications is highly desirable: OSWE or equivalent
  • Solid knowledge in one or more of the following technology areas: Network infrastructure (technologies, architectures, operations), Clouds (Oracle/AWS/Azure), Various network and host-based security products and services, Active Directory, servers, desktops and mobile devices, Unix, Linux, AIX, SQL, Oracle, DB2 Databases
  • Ability to perform technical risk assessments and synthesize observations at a macro level, identifying indicators of changing risk and/or symptoms of process or control deficiencies
  • Ability to identify and propose process and technology controls in dynamic environments

Benefits

  • Comprehensive health and wellness benefits
  • Retirement plans
  • Educational assistance and training programs
  • Income replacement for qualified employees with disabilities
  • Paid maternity and parental bonding leave
  • Paid vacation, sick days, and holidays