Web Application Penetration Tester II

About the position

NCR Atleos, headquartered in Atlanta, is a leader in expanding financial access. Our dedicated 20,000 employees optimize the branch, improve operational efficiency and maximize self-service availability for financial institutions and retailers across the globe. We are seeking a highly skilled Penetration Tester with specialized experience in web applications and banking systems. This role involves critical testing on hardware and machines used in banking, including ATMs. Experience with financial institutions is highly desirable.

Responsibilities

• Conduct penetration tests across web applications, APIs, mobile devices, and banking hardware, including ATMs.
• Perform thorough security assessments on mobile applications.
• Execute penetration tests on hardware and installable applications, focusing on banking machines and ATMs.
• Conduct cloud configuration reviews and manual source code reviews in languages such as Java, C, and C++.
• Perform security assessments on various cloud infrastructures, including Azure, AWS, GCP, and OCI.
• Utilize expertise in exploiting secure networks and systems to identify vulnerabilities.
• Conduct security audits, network penetration tests, and assessments of web applications, APIs, and cloud environments.
• Provide detailed progress reports to development teams, stakeholders, and internal management.
• Travel up to 25% of the time.

Requirements

• Proficient in both automated and manual penetration testing techniques, with a minimum of 3 years of manual web application testing.
• Demonstrated experience in testing mobile devices and APIs.
• Skilled in manual source code review in Java, C, C++, or similar languages.
• OSCP, GWAPT, GPEN, OSWE, or CEH certifications are strongly preferred.
• Prior experience with banking systems and financial institutions is a significant advantage.
• Stay updated with the latest security software packages, protocols, and computer technologies.
• Understanding of IP network protocols, sub-netting, routing, switching, etc.
• Familiarity with tools such as Kali Linux, Metaploit, Burp, Postman.

Nice-to-haves

• Deep understanding of security challenges in the banking and financial sector.
• Experience in testing and securing ATMs and other banking hardware.
• Expertise in conducting security assessments on cloud infrastructures such as Azure, AWS, GCP, and OCI.
• Proven ability to exploit secure networks and systems.
• Strong ability to communicate findings and recommendations effectively to both technical and non-technical stakeholders.

Benefits

• Medical Insurance
• Dental Insurance
• Life Insurance
• Vision Insurance
• Short/Long Term Disability
• Paid Vacation
• 401k