Penetration Tester/Security (Hybrid)
Location: McLean, Virginia, Tampa or Dallas-, Mclean, Boston
Mode of Interview: Phone Skype

Work w existing set of pen testers and do pen testing on APIs and applications

- 5 years experience

- Someone who has GWAPT or OSCP certification! GPEN can work

- Networking background is not a fit, looking for someone who has performed web application testing, specifically they will be using tools (burpsuite) in addition to own manual testing

- Have been getting lots of SOX and incident response

- This is the defensive team, not offensive.

- Ethical application pen testing team not hacking

Our Risk Management teams work to protect the safety and soundness of our systems and are responsible for identifying, managing, measuring and mitigating a spectrum of key risk types including credit, market, liquidity, systemic, operational and technology in all existing and new products, activities, processes and systems.

The Technology Risk Management department is responsible for setting strategic direction in the areas of IT Risk and Information Security. They are accountable for maintaining DTCC's corporate security policies and control standards and acting as an operational arm for monitoring threat intelligence.

The Application Security Associate is responsible for the security testing and risk analysis applications using various application security tools. Interaction with developers (Application Development (AD)) to provide guidance, best practices and technical assistance in remediating application security issues will be part of the responsibilities. The individual should possess strong application software expertise, along with excellent communication, and organizational skills.

Specific Responsibilities

Perform Ethical Application Penetration Testing (EAPT) on web applications and APIs.
Coordinate with application development teams to collect the application details.
Provide the vulnerability information in the predefined report format after performing the App Pentest using manual methodology and App Pentest tools such as Burp Suite and Web Inspect
Provide assistance to the developers in detailing the vulnerabilities reported along with the recommendations for remediation
Align risk and control processes into day-to-day responsibilities to monitor and mitigate risk; escalates appropriately

Minimum of 5 years of experience in application penetration testing
Bachelor's degree is desirable
Minimum of 3 years of experience in App Pentest tools such as Burp Suite and WebInspect
Certified in OSCP or GWAPT

Shivam Kumar

IT Technical Recruiter

Stellent ITPhone: 201-503-2666

Email: shivam
Gtalk: shivamom