Penetration Test Engineer (offline)

Job Purpose
The Security Test Engineer (STE) is part of a high-performance security test team responsible for the security testing of complex e-commerce solutions. To achieve the best results in this role, you should have a strong technical background combined with collaboration, communication, and negotiation skills, so that you can act as a single STE or as part of the project’s STE team. You should have strong expertise in security testing approaches, an understanding of international security standards, and experience with different test tools in order to achieve the best results effectively and efficiently.

In this role you will get to:
• Collaborate with different project stakeholders to identify the Security Testing needs, scope, and inputs for the Security Testing approach;
• Develop the security testing strategy, create security test plans, and execute scripts;
• Perform security assessment for commercial and non-commercial (internal) projects;
• Participate in conference calls with clients to review your assessment results and consult with the clients on remediation options;
• Write a formal security assessment report for each penetration test using our company's standard reporting format;
• Perform security research on topics for department development;
• Research and maintain proficiency in tools, techniques, countermeasures, and trends in web app vulnerabilities;
• Assist with security assessment and reporting methodology enhancements;
• Retest security vulnerabilities that have been fixed and republish your report to indicate the results of retesting.

Your skills and qualifications:
• Minimum 1 year of experience in security/penetration testing, such as vulnerability analysis, manual and automated approaches for test execution;
• Understanding of web application security (including but not limited to OWASP Top Ten);
• Experience with conducting different types of web application penetration testing, vulnerability assessments;
• Experience in analyzing technical security weaknesses and performing risk analyses;
• Understanding of and experience with the main OWASP projects, such as:
- OWASP Top Ten
- OWASP Web Security Testing Guide
- OWASP Application Security Verification Standard
- OWASP Cheat Sheet Series
- OWASP API Security
- OWASP SAMM
• Knowledge of industry compliance standards and regulations (PCI, EU GDPR, etc.);
• Extensive experience with the following tools: Burp Suite Pro, ZAP, Nmap;
• Experience with Commercial Web Application Tool;
• Working experience with the Kali Linux distribution;
• Ability to use Common Vulnerability Scoring System;
• Good knowledge of OOP;
• Basic knowledge of software development principles: SOLID, Design Patterns;
• Good understanding of how the web works: HTTP(S), HTML, CSS, AJAX, etc.;
• JavaScript basics;
• Hands-on experience in scripting/coding in at least one of the following languages: Python, Ruby, Java;
• Working experience with complex projects that require a deep understanding of the application logic and dependencies, experience with code analysis;
• Network penetration testing skills and software security fundamentals knowledge;
• Experience in manual penetration testing (i.e. mapping applications, injecting SQLi, XSS);
• Exceptional communication skills, to be able to explain the technical details of OWASP Top 10 and other vulnerabilities;
• Ability to learn and adapt quickly in a dynamic environment;
• At least intermediate spoken and written level of English proficiency;
• Strong theoretical knowledge base in software testing (based on the OWASP Security Testing Model);
• Good understanding of SDLC and role of testing.

Good to have:
• Experience in security/penetration testing of web-based applications and e-commerce solutions;
• Experience with CI systems;
• Experience with static analysis/review of source code for security flaws (manual and/or automated);
• Software Development and/or Scripting Experience in .NET, C++, Java, C#, Perl, Python, or bash;
• Cyber Security Certifications: OSCP, CEH, SANS, etc.;
• Good technical writing skills and attention to detail;
• Experience working in geographically distributed teams;
• Experience working with Jira and Confluence.

What we offer in return:
• Well-structured processes;
• Knowledge base of the world’s largest ecommerce delivery team;
• Professional training and certifications;
Off-the-Charts Career Growth: Clear career path and a performance review system, career coaching, training and certifications, mentoring and knowledge sharing.
Well-being Is Top Priority: Parental leave, paid time off, comprehensive health and medical plans.
Real Work-Life Balance: Remote, in-office, or hybrid working modes; flexible hours; work-life balance support on every stage and level.
Culture of Success: Culture of collaboration that encourages innovation every step of the way; 20 offices spanning four continents bring diverse perspectives that drive tangible results for our clients worldwide.

Why work for Astound Commerce? 

Whether you’re working directly with our world-renowned clients or with your Astound colleagues from around the globe, you will shape the future of digital commerce, using emerging technologies and innovative approaches. 

Grow your career with Astound Commerce, and discover exciting opportunities while doing the work you love!

About Astound Commerce

Astound Commerce specializes in ecommerce solutions for enterprise clients around the world. The company is a recognized expert in the global ecommerce development market and provides customers with a full cycle of services: from planning, development, and support of a solution to its promotion and operational analytics. The team numbers about 700 people worldwide. The company does not do outsourcing; it attracts customers and works with them directly. The company's clients include global brands: Adidas, Versace, Men’s Wearhouse, L'Oreal, Tommy Hilfiger, Hugo Boss, Crocs, Avenue, and many other global and local brands.

Astound Commerce develops on five enterprise-class ecommerce platforms: Salesforce Commerce Cloud Solution, Hybris, Magento, IBM WebSphere Commerce, Intershop, and NetSuite. These are the most popular platforms among major global retailers, allowing the creation of flexible, customizable, and load-resilient solutions for online business. The company has operated in the international IT market since 2000. Astound Commerce offices are open in the USA and Europe, and development centers are located in Ukraine, Slovakia, Bulgaria, and Colombia, with the possibility of employee relocation and remote work.

Company website:
https://astoundcommerce.com/our-work/

The job ad is no longer active
Job unpublished on 4 March 2022
