Talent Web Recruitment & Staffing is searching for a Security Engineer for a 3-month contract position. You will be responsible for developing security test plans, procedures, automated test scripts and tooling that provides 100% coverage for security risks and regression.
- Develop security test plans, procedures, automated test scripts and tooling that provides 100% coverage for security risks and regression
- Develop a test suite and related tooling to assist in regression testing for application security vulnerabilities
- Work collaboratively with the Engineering and DevOps team to plan, deploy and run automated tests in test environments
- Perform usability testing while ensuring user privacy concerns are addressed
- Perform network penetration, injection attacks (sql injection, XSS) , web, mobile and business application testing, source code reviews, threat analysis, wireless network assessments and OT/IoT security assessments
- Identify security vulnerabilities within web and mobile based applications
- Provide analysis and remediation recommendations to application and infrastructure teams on security issues
- Participate in product design reviews to provide input for potential security risks
- Recognize and safely utilize attacker tools, tactics, and procedures
- Experience testing cloud native software in Azure/GCP (preferred) or public clouds.
- Testing containerized applications, PaaS resources, familiarity with threat modeling and methodologies, testing API security, infra security, with focus on java/golang applications.
- Expert knowledge of Windows & Linux, TCP/IP, and Web services
- Experience with various security tools and products
- Expert in injection attacks – XSS, sql injection, code injection, OS command injection, host header injection
- Expert in Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Origin Analysis/Software Composition Analysis (SCA) and Database Security Scanning