Apply for this job now

Test Engineer

Location
Santa Clara, California
Job Type
Permanent
Posted
13 Sep 2020
Position Title: Test Engineer

Position Number: 346896

Location: Andover, MA 01810

Position Type: Temporary

Required Skill Set:

Agile, C#, JavaScript, SQL

Position Description:

**C2C is not available**
**Only U.S. Citizens and those authorized to work in the U.S. can be considered as W2 candidates.**

Title: Test Engineer
Location: Andover MA 01810

Description/Comment:
Application Security / Pen Test Engineer.
Client is connecting millions of smart devices from buildings, data centers, industrial plants, and infrastructure to the cloud to provide innovative solutions to address sustainability and reduce costs. We are looking for a talented Application Security and Pen Test Engineer to join our Data Management team.
This position is well suited to a collaborative individual who enjoys working closely with technical team members in a fast-paced environment to ensure security is integral to the software and is not an afterthought. 2+ years of experience automating tests in the CI/CD pipeline is required. Strong knowledge of security tools and testing is required. 2+ years of experience with pen test and Security Development Lifecycle (SDL) practices is required and helping teams to integrate SDL practices into their software development lifecycle is a strong plus.
Responsibilities:
• Automate security tests (SAST, DAST, SCA, system security tests, fuzz tests, endpoint scanning, etc.) in the CI/CD pipeline to verify security features and controls function as intended, security configuration is correct, and attack surface is minimized.
• Perform penetration tests to verify that web services, web applications, and security features do not contain vulnerabilities.
• Provide guidance and act as Security Advisor to development teams to ensure they effectively implement and adhere to client Policy to provide an industry-leading level of cybersecurity protection for the deployed platform.
• Audit final security reviews, recommend mitigations to reduce risk (if excessive risk is present), enumerate residual risks and obtain management sign off for acceptance of residual risks, and recommend if the software should be released.
• Ensure third parties that develop software for Data Management are compliant with client SDL policy. Analyze security of third-party service providers to ensure they meet security requirements.
• Work with external organizations (for example, client Security Office) to resolve security-related issues and concerns that support or affect the project team.
• Some travel may be required, less than 10%.

Qualifications
• BA/BS in Computer Science or Computer/Electrical Engineering (or equivalent)
• Possess one or more cyber security certifications
• 2+ years of experience automating tests in the CI/CD pipeline
• 2+ years of experience Pen testing
• 2+ years of experience with Security Development Lifecycle (SDL) practices
• DevOps and DevSecOps experience and/or knowledge a strong plus
• Experience integrating SAST, DAST, and software composition analysis scans in CI/CD pipeline
• Strong knowledge of, and experience with, security tools such as Nessus, nmap, ZAP, Gauntlt, Wireshark, Burpsuite, Metaspoit, etc
• Experience helping teams to integrate Security Development Lifecycle (SDL) practices into their software development lifecycle is a strong plus
• Experience as a Security Advisor for a security team, or experience performing Final Security Reviews
• Knowledge of security risks to web applications, mobile applications, web services, and cloud applications
• Experience testing web applications and/or RESTful web services and/or cloud applications
• Knowledge or experience with some of the following: C#, Javascript, Node.js, SQL, NoSQL (MongoDB, for example), Azure PaaS services, AMQP, MQTT, CoAP, SAML, OAuth 2, OpenID Connect
• Experience working in an Agile team
• Knowledge of SAFe a plus
• Demonstrated ability to analyze problems and identify solutions
• Self-starter and team player; ability to work independently and drive initiatives
• Strong writing and communication skills, including the ability to render concise reports, summaries, and presentations

Job Requirements:
Qualifications
• BA/BS in Computer Science or Computer/Electrical Engineering (or equivalent)
• Possess one or more cyber security certifications
• 2+ years of experience automating tests in the CI/CD pipeline
• 2+ years of experience Pen testing
• 2+ years of experience with Security Development Lifecycle (SDL) practices
• DevOps and DevSecOps experience and/or knowledge a strong plus

Rose International is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, sexual orientation, gender (expression or identity), national origin, arrest and conviction records, disability, veteran status or any other characteristic protected by law. Positions located in San Francisco and Los Angeles, California will be administered in accordance with their respective Fair Chance Ordinances.

Rose International has an official agreement (ID #132522), effective June 30, 2008, with the U.S. Department of Homeland Security, U.S. Citizenship and Immigration Services, Employment Verification Program (E-Verify). (Posting required by OCGA 13/10-91.)
Apply for this job now

Details

  • Job Reference: 173889150-2
  • Date Posted: 13 September 2020
  • Recruiter: Rose International
  • Location: Santa Clara, California
  • Salary: On Application
  • Sector: HR / Recruitment
  • Job Type: Permanent