Security Pen TesterAmsterdam
For our cient in Amsterdam we are looking for a qualified security test analyst with recent and relevant working experience as a software security tester.
Security testing experience in a Financial environment could be advantageous but not determinant. You’ll be responsible for the execution of security tests on a wide variety of internal and external facing applications and will review result of static code analysis..
You also will assist with the continuous improvement of the processes critical to the success of the team. In this role, you will be helping DevOps teams thought-out SDLC.
How to succeed
Primary responsibility to provide internal and external network penetration testing, create actionable reporting based on findings, application testing, including black-, grey-, white box, code reviews and sometimes software development advisory.
Additionally, you will support with pre intakes/technical intakes.
· B.S. in Computer Science or related technical major (M.S./PhD preferred), or significant job experience.
· You have a valid (Current) ECPPT, OSCP, ECSA, GIAC Pentest Certification.
· Minimum 5 years penetration testing experience, with experience on APIs
· Experience with OWASP testing Guide / Open Source Security Testing Methodology Manual
· Fluent in at least 1 programming language.
· Expert with common web application penetration testing tools including, but not limited to Burp, Fiddler, OWASP Zap, BeEF, and at least one commercial solution (WebInspect, AppScan, or similar).
· Experience deploying enterprise security testing solutions.
· Familiarity with common network vulnerability and penetration testing tools including, but not limited to, Metasploit, vulnerability scanners, Kali Linux, and Nmap.
· Experience with debuggers, disassemblers, binary patch diffing (e.g. BinDiff).
· Experience with testing automation suites such as Cucumber, Jasmine, Selenium.
· Experience with cryptography, X509 certificates, signatures, securing TLS/SSL parameters, and certificate pinning.
· Technical depth in many, if not most of the following areas: Java EE, Node.js, web services.
· Familiarity with Secure Development Lifecycle practices and Agile development with Continuous Delivery / Integration.
· Thought leadership in the security field, with demonstrable contributions to industry groups strongly desired.
· Artful communication skills and organizational savvy, to steer peers and leadership toward solutions that carefully balance business, risk, compliance, and engineering concerns.
· Eagerness to challenge the status quo, balanced with a reasonable and methodical approach to effecting change.
· A fun and positive attitude!