Innova Solutions is immediately hiring for a Web Security Test Engineer.
Position type: Contract (W2)
Duration: Long Term
Location: Seattle, WA (Hybrid 3 days Onsite)
As a Web Security Test Engineer, you will:
Primary Responsibility:
Perform security testing at various levels with a focus on manual methodologies.
Conduct thorough security vulnerability testing across web and API layers.
Tools:
- Limited tool usage: Preference for manual techniques over extensive tool reliance.
- Proxy management tools: Utilize tools like Burp Suite and Fiddler to manage traffic interception and assess vulnerabilities.
- Manual ethical hacking: Capable of performing ethical hacking without automation, focusing on logic flaws, configuration issues, and manual exploitation.
- Traffic interception: Ability to intercept traffic between browser and application, analyzing requests and responses for potential weaknesses.
Expertise:
- Web Application Security: In-depth understanding of securing web applications, identifying security flaws, and addressing them effectively.
- API Testing: Conduct security testing of APIs and services, ensuring data integrity and authorization controls.
- Threat Modeling: Experience in threat modeling to anticipate security vulnerabilities in both application design and code.
- Code Reviews: Perform manual code reviews to identify potential security risks before deployment.
- Application-Level Insight: Capable of obtaining deep insights into the application layer, identifying security threats beyond surface-level vulnerabilities.
What is meant by Manual Testing Approach:
- Someone who can conduct security assessments in scenarios without dedicated tools, using manual techniques to probe for vulnerabilities (the bank has limited tools and wants someone who can do things more manually).
- Ability to simulate attacks on web applications and APIs through hands-on techniques.
Deal Breaker:
- Manual Ethical Hacking; Hands-on Web Application Security experience.
- Proven ability to perform manual ethical hacking and security testing without relying heavily on tools.
- Strong knowledge of proxy management tools like Burp Suite and Fiddler for web and API testing.
- Good with API security testing.
- Ability to intercept browser-application traffic and identify security flaws.
- Application-Level Security Insight: Strong analytical skills to understand complex applications and their security requirements.
Description:
An Authentication team is looking for a Security Testing Engineer. The team handles user identification and authentication across the channels for Consumer.
As a Security Engineer/Tester, you will be performing authorized security testing on some of the very complex, massive-scale, and highly critical applications. The ideal candidate is a team player, self-starter and quick learner with 3+ years of experience in software development/testing with large-scale enterprise applications. The working experience requirement can be relaxed if the candidate has the right skillset and the capability to learn quickly. When submitting a candidate under this consideration, please highlight examples of quick learning on the resume.
Primary Skill - Manual and automated testing (testing will be done on software)
- Deep understanding of different web application technologies, web protocols (HTTP, HTTPS, etc.), browser technologies, etc.
- In-depth domain understanding of application security in terms of Identity and Access Management (IAM) and different authentication technologies (passwords, biometrics, OTP, digital certificates & PKI, device authentication, FIDO U2F/Passkeys, etc.).
- Proven expertise on different security testing tools (Proxy tools like Fiddler, Black box security testing tools like Burp, Static Security Code analysis tools,
- Deep understanding of different application security vulnerabilities such as OWASP Top 10, SANS Top 25, CWE, attack patterns (CAPEC), etc.
- Bachelor's Degree in Computer Science or equivalent experience.
- Must be self-directed, able to work independently, as well as work in a team-oriented and fast-paced environment.
Desired Skills
- Working experience on different security technologies and standards like Single Sign On (SSO) using SAML/OpenID, OAuth protocols, etc.
- Good understanding of Cryptographic algorithms and standards like Symmetric/Asymmetric crypto techniques, digital signatures, JWS/JWE tokens, Hardware Security Modules (HSMs), etc.
- Understanding of Security vulnerabilities related to Cloud environments is an added advantage.
- Well-known security certifications are an added advantage.
- Understanding of Threat Modelling concepts and Secure Development Life Cycle processes.
- Mobile Application Security familiarity is desirable.
Additional Information:
- Expectation: 3 days in office; November start
- Interview Process
  - 1st Round - 1-3 interviewers - via Webex
  - 2nd Round - 1-3 interviewers - via Webex
  - 3rd Round - Optional if schedule allows - In-person
We are currently interviewing to fill this and other similar positions. If this role is not a fit for you, we do offer a referral bonus program for referrals that we successfully place with our clients, subject to program guidelines. ASK ME HOW.
Thank you!
Amit Panwar
Assistant Manager - Recruitment
PAY RANGE AND BENEFITS:
Pay Range*: $60/hr - $66/hr on W2.
*Pay range offered to a successful candidate will be based on several factors, including the candidate's education, work experience, work location, specific job duties, certifications, etc.
Benefits: Innova Solutions offers benefits (based on eligibility) that include the following: Medical & pharmacy coverage, Dental/vision insurance, 401(k), Health savings account (HSA) and Flexible spending account (FSA), Life Insurance, Pet Insurance, Short-term and Long-term Disability, Accident & Critical illness coverage, Pre-paid legal & ID theft protection, Sick time, and other types of paid leave (as required by law), Employee Assistance Program (EAP).
ABOUT INNOVA SOLUTIONS:
Founded in 1998 and headquartered in Atlanta, Georgia, Innova Solutions employs approximately 50,000 professionals worldwide and reports an annual revenue approaching $3 Billion. Through our global delivery centres across North America, Asia, and Europe, we deliver strategic technology and business transformation solutions to our clients, enabling them to operate as leaders within their fields.
Recent Recognitions:
- One of the Largest IT Consulting Staffing firms in the USA - Recognized as #4 by Staffing Industry Analysts (SIA 2022)
- Clearly Rated® Client Diamond Award Winner (2020)
- One of the Largest Certified MBE Companies in the NMSDC Network (2022)
- Advanced Tier Services partner with AWS and Gold with MS
Website: https://www.innovasolutions.com/
Innova Solutions is an Equal Opportunity Employer and prohibits any kind of unlawful discrimination and harassment. Innova Solutions is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment on the basis of race, color, religion or belief, national origin, citizenship, social or ethnic origin, sex, age, physical or mental disability, veteran status, marital status, domestic partner status, sexual orientation, or any other status protected by the statutes, rules, and regulations in the locations where it operates. If you are an individual with a disability and need a reasonable accommodation to assist with your job search or application for employment, please contact us at or (770) 493-5588. Please indicate the specifics of the assistance needed. Innova Solutions encourages all interested and qualified candidates to apply for employment opportunities. Innova Solutions (HireGenics/Volt) does not discriminate against applicants based on citizenship status, immigration status, or national origin, in accordance with 8 U.S.C. § 1324b. The company will consider for employment qualified applicants with arrest and conviction records in a manner that complies with the San Francisco Fair Chance Ordinance, the Los Angeles Fair Chance Initiative for Hiring Ordinance, and other applicable laws.
American Cybersystems, Inc is acting as an Employment Business in relation to this vacancy.