Talent Web Recruitment & Staffing is searching for a Security Engineer for a 3-month contract position. You will be responsible for developing security test plans, procedures, automated test scripts and tooling that provides 100% coverage for security risks and regression.

Responsibilities:

• Develop security test plans, procedures, automated test scripts and tooling that provides 100% coverage for security risks and regression
• Develop a test suite and related tooling to assist in regression testing for application security vulnerabilities
• Work collaboratively with the Engineering and DevOps team to plan, deploy and run automated tests in test environments
• Perform usability testing while ensuring user privacy concerns are addressed
• Perform network penetration, injection attacks (sql injection, XSS) , web, mobile and business application testing, source code reviews, threat analysis, wireless network assessments and OT/IoT security assessments
• Identify security vulnerabilities within web and mobile based applications
• Provide analysis and remediation recommendations to application and infrastructure teams on security issues
• Participate in product design reviews to provide input for potential security risks
• Recognize and safely utilize attacker tools, tactics, and procedures

Requirements:

• Experience testing cloud native software in Azure/GCP (preferred) or public clouds.
• Testing containerized applications, PaaS resources, familiarity with threat modeling and methodologies, testing API security, infra security, with focus on java/golang applications.
• Expert knowledge of Windows & Linux, TCP/IP, and Web services
• Experience with various security tools and products
• Expert in injection attacks – XSS, sql injection, code injection, OS command injection, host header injection
• Expert in Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Origin Analysis/Software Composition Analysis (SCA) and Database Security Scanning