Job Description

Reference # : 17-00504
Title : Web Ethical Hacker
Location : North Carolina, NC
Position Type : Direct Placement
Experience Level :
Start Date : 01/19/2017
Description
Eclaro International is currently recruiting for a Web Ethical Hacker for one of our financial services clients.

Job Description:


Candidate will be part of an experienced team that performs security threat/vulnerability assessments of critical Bank environments, applications, and technologies through Ethical Hacking, Automated Web Scanning, and Source Code analysis. Candidate will focus on Ethical Hacking assessments. Must be able to act as a Subject Matter Expert to management and application owners on application vulnerabilities and security best practices. Associate will be required to follow standard methodologies and have the initiative to develop new and innovative processes. Working within a tight team framework, the associate must be results conscious as well as able to work within tight timelines. Candidate must be knowledgeable about the business risks associated with common security vulnerabilities and be able to effectively communicate security vulnerabilities to application developers and/or senior managers who may have little to no experience with application security vulnerabilities. Must be able to work independently in a very large-scale, enterprise setting. Previous experience as an application security professional within a large Financial Institution is a plus.

Enterprise Role Overview
Key individual contributor, with accountability for researching, designing, engineering, implementing, and supporting information security & directory technology systems (software & hardware). Utilizes in-depth technical knowledge and business requirements to design & implement secure solutions to meet customer / client needs while protecting the Bank's assets. Develops and implements security standards, procedures, and guidelines for multiple platforms and diverse environments (e.g. client server, distributed, mainframe, etc.). Exercises judgment within broadly defined practices and policies in selecting methods, techniques, and evaluation criteria for obtaining results. Work leadership may be provided by assigning work and resolving problems. Typically 5-7 years of IT experience.
Required Skills & Experience:
• BS/MS in Computer Science (or relevant work experience in large scale IT environment)
• At least 3 years of experience conducting vulnerability assessments, code reviews and penetration tests against web/mobile application technologies, services, platforms and languages to find flaws and exploits (e.g., SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, Clickjacking, Authentication/Authorization, Privilege Escalation, Business Logic Bypass, OWASP Top 10, SANS Top 25, etc.)
• Ability to demonstrate manual web application testing experience; i.e. candidate must be able to simulate a SQL injection/cross-site scripting attack without the use of tools.
• Expert level experience with web application vulnerability scanning tools (e.g. IBM AppScan, Client Webinspect, Acunetix, NTO Spider, Burp Suite Pro, etc.)
• Knowledge of network and Web related protocols/technologies (e.g., UNIX/LINUX, TCP/IP, HTTP/HTTPS, REST, Cookies)
• Experience with vulnerability assessment tools and penetration testing techniques. (e.g., web application proxies, packet capture analysis software, browser extensions, advanced penetration testing Linux distributions (i.e. BackTrack/Kali), static source code analyzers, SoapUI, etc.)
• Experience penetration testing on mobile platforms such as iOS, Android, Windows & RIM
• Solid programming/debugging skills with proficiency in one or more of the following: Java, JavaScript, HTML, XML, PHP, ASP.NET, AJAX, JSON, Objective-C
• Expert-level experience and very detailed technical knowledge in at least three of the following areas: general information security; security engineering; application architecture; authentication and security protocols; application session management; applied cryptography; common communication protocols; mobile frameworks; single sign-on technologies; exploit automation platforms; RESTful web services.
• Demonstrated ability to learn and apply critical thinking to a variety of situations.
Desired Skills & Experience:
Technical Skills:
• One or more of the following certifications: CISSP, GWAPT, C-EH, OSCP, OSCE or qualified work experience
• Strong scripting skills (e.g., Python, Perl, Shell script, JavaScript)
• Experience as a developer a plus
• Mobile programming abilities, such as Xcode, Objective-C a plus
• Knowledge of Structured Query Language a plus.
Soft Skills:
• Strong teamwork skills
• Effective written and oral communication skills
• Ability to multi-task and handle multiple projects
• Ability to work in a fast paced, challenging environment.
