Veracode Inc. currently has a unique opportunity for a Senior Penetration Tester to join our Security Consulting team. This role can work remotely 100% of the time with infrequent travel to client or Veracode facilities as needed (5-10%). Our team is an experienced and highly skilled group of penetration testers that takes direction from some recognizable industry subject matter experts. We will consider experienced applicants at various career levels, so read on to learn what we are looking for.
- Perform penetration testing against many different types of applications and networks.
- Identify and exploit vulnerabilities in applications and networks.
- Document technical issues identified during security assessments utilizing standard CWE and CVSS classifications.
- Research emerging security topics and new attack vectors.
- Work independently to meet customer and project deadlines.
- Interact with customers in a collaborative, consultative manner to deliver results, provide feedback and remediation recommendations on penetration testing findings.
- Leverage Veracode’s automated analysis solutions for efficient delivery of focused and comprehensive test formats
- A year or more working in a “work from home” / remote capacity.
- 5 or more years of penetration testing with 3 or more years of specific application and network / red team penetration testing experience in a consulting environment.
- Understanding of web architecture and protocols (HTTP(S), TCP/IP, ARP, SMTP, DNS, etc.).
- Development and/or source code review experience in at least several of the following languages/scripting languages: C/C++, C#, VB.NET, ASP, PHP, PowerShell, Python or Java.
- Understanding of how data flows through an application and/or network and connected components (SMTP, LDAP, Database servers).
- Understanding of common software security issues and remediation techniques (OWASP top 10, SANS top 25, etc.).
- Familiar with common Windows/Linux commands and scripting.
- Familiarity with general application and network security concepts.
- Ability to communicate effectively, both in writing and verbally.
- Ability to travel for company related events and potential onsite client work (5-10%).
- Familiar with OWASP Top 10 and CWE/SANS Top 25 classification systems.
- Familiar with profiling an application or network, identifying threats, and developing test cases to target identified threats.
- Familiar with developing proof-of-concept exploit examples to use within reports or live demonstrations.
- Familiar with documenting and communicating results that may be consumed by both developers and management-level audiences.
- Familiar with testing web applications, natively compiled binary applications, mobile applications, web services, and testing networks.
- Familiar with using as many of the tools listed below as possible (open to others not listed):
  - Intercepting proxies (e.g. Burp Suite, Charles, OWASP ZAP proxy, etc.).
  - Web service testing tools (e.g. soapUI).
  - Disassemblers/decompilers/debuggers (IDA Pro, OllyDbg, WinDbg, jad, flare/flasm, SoThink SWF Decompiler, Firebug, etc.).
  - Exploit frameworks (Metasploit, Immunity CANVAS, CORE Impact).
  - Vulnerability scanners (Nessus).
  - OSINT discovery (Shodan, Maltego).
  - IDEs (e.g. Visual Studio or Eclipse).
- Degree from an accredited College or University in Computer Science, Information Systems, Engineering or a related major
- Current holder of penetration testing certifications such as OSCP, OSWP, GWAPT, GXPN, GPEN. CREST or Tiger SST certification a plus.
- 2+ years of professional web-application development or source code review experience
- Familiar with writing tools to aid in penetration testing.
- Development experience with multi-tiered Internet applications
- Development and/or architecture familiarity with mobile applications, specifically iOS and Android
- Experience conducting targeted phishing and related social engineering tests
- Penetration testing experience with DevOps related technologies such as Docker, Kubernetes, and CI/CD tool environments.
- Penetration testing and reverse engineering experience with embedded systems and hardware (i.e. IoT devices)
- Experience developing custom scripts or tools used for vulnerability scanning and identification
- Unix, Windows, or networking security experience
- Development and/or source code review in Flash/Flex and SharePoint Technologies
- Development and/or architecture familiarity with mobile applications, specifically Apple iOS and Android
The Veracode Way:
We Have a Passion and Commitment for Security
We consider security in everything we do. We act to preserve the trust our customers place in us.
We Help Our Customers Change the World
We deliver peace of mind to our customers so they can focus on the pursuit of their missions.
We Have Big Goals and Expect Big Outcomes
We are results driven. We take risks, compete boldly, and deliver valuable outcomes to our customers.
We Are Committed to Making Progress Together
We collaborate with each other, our user communities, our industry and together lead the world forward.
We Value Each Other
We value diversity. We have empathy for each other and assume positive intent.
We Are Proud to be Veracode
We have fun together. We honor who we are and work hard to achieve our potential.
You Change the World, We’ll Secure It!
Veracode is an equal opportunity employer and we celebrate diversity with a commitment to creating an inclusive environment. All applicants will be considered for employment without attention to race, religion, age, sex, gender identity, sexual orientation, national origin, veteran or disability status.
More About Working at Veracode
Veracode is a leader in helping organizations secure the software that powers their world. Veracode’s SaaS platform and integrated solutions help security teams and software developers find and fix security-related defects at all points in the software development lifecycle, before they can be exploited by hackers. Our complete set of offerings helps customers reduce the risk of data breaches, increase the speed of secure software delivery, meet compliance requirements, and cost-effectively secure their software assets, whether that’s software they make, buy or sell.
Veracode serves more than 1,400 customers across a wide range of industries, including nearly one-third of the Fortune 100, three of the top four U.S. commercial banks and more than 20 of Forbes’ 100 Most Valuable Brands. Learn more at www.veracode.com, on the Veracode blog, on Twitter and in the Veracode Community.
At Veracode you’ll have the opportunity to eliminate barriers for our customers and earn a competitive compensation and total rewards package – all while pushing the boundaries of what’s possible by collaborating with a diverse team of global innovators. In short, Veracode’s fun, diverse, and fast-paced culture has put us on the map as one of the best employers in Information Technology.
We offer competitive salary, company-sponsored premium Medical/Prescription & Dental Plans, company-paid Holidays, Vacation, Anniversary Service and Sick Days, 401(k) Plan, Education/Training Reimbursement, Charitable Gift Program, Adoption Assistance Program.
We are equal opportunity employers. As such, it is our corporate policy to fill positions with qualified candidates regardless of the candidate’s race, color, sex, age, religion, ancestry, national origin, citizenship status, marital status, sexual orientation, gender identity, genetic information, disability, pregnancy, military status, veteran status or any other protected group status.
Copyright © 2019 Veracode, Inc. All rights reserved. All other brand names, product names, or trademarks belong to their respective holders.