Chicago, Illinois 60606
- Employment Type: Temp to Perm

Palace Gate Corporation is currently seeking a Sr. Penetration Tester/Lead Penetration Tester for our premier client in Chicago, IL. This is a contract position in the financial industry.
Technical Requirements
- Client/Server exposure (i.e. Java, JSP, Servlet, Linux, UNIX, SQL).
- Mainframe exposure (i.e. COBOL, JCL, IDMS/ADSO, CICS).
- Database exposure (i.e. SQL Server, DB2).
- Shell/Perl scripts exposure
- Strong with DB2 / PL SQL
- Strong with TLS, SSL
- Exposure to and good understanding of Middleware, SiteMinder, Entrust
- Good knowledge of J2EE
- Good understanding of JSP, JTA, JMS and Spring framework
- Knowledge of XML technologies (SOAP, JAXB, WSDL, XML)
- Knowledge of REST API, SOAP API
- Strong understanding of and experience with HP WebInspect, IBM AppScan, Burp Suite Pro, ZAP Proxy, Wireshark, Nessus, Nmap, Kali Linux, sqlmap, Metasploit, Veracode, Aircrack, Nikto, Maltego, Armitage, JIRA, HP Quality Center etc.
- Familiar with Firewall, SiteMinder
- Strong understanding of Web Application, Mobile, Network, WIFI and Perimeter security testing
- Good understanding of cryptography
Job Description
Responsible for analyzing, planning, executing, and reporting security testing within SDLC projects and post-production (QMI) defects. Experience and expertise in full-scale Ethical Hacking/Penetration testing practice. Able to wear a Black Hat hacker’s hat when the job requires.
Demonstrate security QA exercises per industry standard best practices and respective regulations/compliances. Need to operate as a hands-on technical person and lead the security QA team. Process oriented and experienced with Agile and DevOps model.
May have responsibilities in leading other team members through projects/defects execution of security testing related activities.
Duties and Responsibilities
- Perform security risk assessment, threat analysis and threat modeling
- Plan/Design/Execute security related artifacts and activities
- Write Security Test strategy, Test Cases, Remediation Plan, and Security Test Report
- Conduct Dynamic Security Scans, Manual validations/Pen Testing, and other Security QA activities
- Conduct Remediation Strategy Discussions and User Review Sessions
- Lead/Participate in project/defect related meetings and triage activities
- Lead and Execute efforts with WebInspect, Burp Suite Pro, Wireshark and other security QA tools as appropriate
- Lead/Participate in developing Security QA roadmap, adopt security best practices, and implement new ideas and innovations according to the industry trends
- Create and maintain False Positive Repository Database
- Testing Web Application Security and understanding of vulnerabilities from front end, backend, database and Network/Infrastructure
- Cross the line of the Web Application Security Testing and participate in Mobile, Network, Perimeter, WIFI and other security functions as needed
- Lead/Perform Red Team and Blue Team exercises
- Wear Black Hat hacker’s hat as required and perform invasive security testing
- Participate in Pen Testing and Ethical hacking activities on identified tasks
- Perform API (Web Services) security Testing (RESTful, SOAP)
- Adhere to the QA best practices and work for delivering Secured and Quality products
- Train the Security QAs and cross functional team members
- Be the in-house security expert and raise the overall security awareness throughout the organization
- Good understanding of business process, systems knowledge
- Good understanding of QA Methodology, Policy, Process, Tools
- Strong problem solving abilities, able to work under minimal supervision, encourages input from all members of the team
- High energy, results driven person with strong interpersonal skills
- Excellent communication skills and the ability to interface with more senior co-workers and leadership with confidence and clarity
- Support the Security QA manager in Security QA activities and be a Team Player
- Builds loyalty and commitment
Education and Training
Bachelor’s degree in Computer Science or a related discipline or an equivalent combination of education and work experience.
Professional Experience
- Minimum 10 years of work experience
- Minimum 5 years of experience with Security Testing.
- Able to Analyze, Plan, Perform, and Report Security testing related activities
Qualified candidates should send their resumes to bari@palacegatecorp.com
Palace Gate Corporation is an information technology consulting firm that provides innovative staffing solutions to industry leading companies across the United States. Our experienced team uses new and unique approaches to deliver the right technology solutions and meet the most demanding enterprise needs. We strive to enable our clients to continue their success and achieve their business objectives by providing expert IT consultants. Our company approach is simple: match the right people with the right opportunity.
Palace Gate Corporation offers full medical and dental insurance, 401K, as well as weekly direct deposit. For more information or to view all our open jobs, please visit www.PalaceGateCorp.com.