TalentWeb Inc 23/11/2020

Security Engineer

Ref #: 608
Location: Sacramento 3112 O Street California 95816
2021-02-23
Salary: Negotiable
Sector:
Type: Fixed

Talent Web Recruitment & Staffing is searching for a Security Engineer for a 3-month contract position. You will be responsible for developing security test plans, procedures, automated test scripts and tooling that provides 100% coverage for security risks and regression.

Responsibilities:

  • Develop security test plans, procedures, automated test scripts and tooling that provides 100% coverage for security risks and regression
  • Develop a test suite and related tooling to assist in regression testing for application security vulnerabilities
  • Work collaboratively with the Engineering and DevOps team to plan, deploy and run automated tests in test environments
  • Perform usability testing while ensuring user privacy concerns are addressed
  • Perform network penetration, injection attacks (SQL injection, XSS), web, mobile and business application testing, source code reviews, threat analysis, wireless network assessments and OT/IoT security assessments
  • Identify security vulnerabilities within web and mobile based applications
  • Provide analysis and remediation recommendations to application and infrastructure teams on security issues
  • Participate in product design reviews to provide input for potential security risks
  • Recognize and safely utilize attacker tools, tactics, and procedures

Requirements:

  • Experience testing cloud native software in Azure/GCP (preferred) or public clouds.
  • Testing containerized applications, PaaS resources, familiarity with threat modeling and methodologies, testing API security, infra security, with focus on Java/Golang applications.
  • Expert knowledge of Windows & Linux, TCP/IP, and Web services
  • Experience with various security tools and products
  • Expert in injection attacks – XSS, SQL injection, code injection, OS command injection, host header injection
  • Expert in Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Origin Analysis/Software Composition Analysis (SCA) and Database Security Scanning