You will join a dynamic team of world class security experts to conduct penetration tests of our internal/external web, mobile and web service applications, leveraging both manual techniques as well as automated tools in order to uncover and report security vulnerabilities that exist. You will be knowledgeable with business risks associated with common security vulnerabilities and be able to effectively communicate security vulnerabilities to developers or senior managers
- Experience in conducting vulnerability assessments, code reviews and penetration tests against web/mobile application technologies, services, platforms and languages to find flaws and exploits (e.g. SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, Remote Code Execution, Authentication/Authorization, Privilege Escalation, Business Logic Bypass, etc.)
- Experience in conducting Threat Modeling
- Knowledge of network and Web related protocols/technologies
- Experience with web application vulnerability scanning tools (e.g. IBM AppScan, NetSparker, Burp Suite Pro etc.)
- Experience with vulnerability assessment tools and penetration testing techniques (e.g. web application proxies, packet capture analysis software, browser extensions, advanced penetration testing Linux distributions, static source code analyzers, SoapUI etc.)
- Experience of penetration testing on mobile platforms such as iOS, Android, Windows and RIM.
- Mobile programming abilities such as Xcode, Objective-C
- Knowledge of a Structured Query Language
- Expert-level experience and very detailed technical knowledge in at least 3 of the following areas: general information security; security engineering; application architecture; authentication and security protocols; application session management; applied cryptography; common communication protocols; mobile frameworks, single sign-on technologies; exploit automation platforms; RESTful web services
- Understanding the requirements of the applications and how to use them
- Testing applications using a variety of tools to identify vulnerabilities that could expose the Bank to risk
- Monitoring existing and proposed security standard setting groups
- Conducting meetings to communicate the findings and implications to stakeholders
- Performing vulnerability fix verification testing in support of the remediation
- Providing technical support to clients, management and staff throughout risk assessments and the implementation of appropriate data security procedures and products
- Acting as a SME, providing guidance and knowledge to reduce the vulnerabilities and risk when apps are being created
- Sharing knowledge with technical and non-technical colleagues directly and through training sessions
- Ensuring identified risks are managed effectively
- Contributing to the development and enhancement of the control function
If you are interested in this position, please click "Apply Now" and we will review your qualifications & reach out to you for further discussion & next steps, if your skillsets meet the needs of the role.
Only shortlisted candidates will be responded to, therefore if you do not receive a response within 14 days please accept this as notification that you have not been shortlisted.
EA Licence No: 11C5502
Registration No: R1876903