Application Security Pentester
Application Security Pentester (Remote)
This position is open to remote work, with quarterly travel as needed. The client is located in Washington, District of Columbia.
*Please note, this role is not able to offer visa transfer or sponsorship now or in the future*
Practice - CIS - Cloud, Infrastructure, and Security Services
About Cloud Infrastructure & Security Services: Cognizant’s Cloud, Infrastructure, and Security Services Practice (CIS), is all about embracing digital transformation by driving core modernization holistically across layers. We help customers transform infrastructure and workplace to meet the rapidly evolving needs of the digital era. Our holistic approach delivers key results for our customers by achieving cloud driven modernization and workplace and operational transformation to run the business in a secure environment.
Job Summary
Under the general supervision of the Section Chief (Governance Risk Compliance & Data Security), the Application Security Pentester is expected to provide application security for technology platforms in the cloud and on-premise.
The candidate will be required to work with project teams, service providers, and business units internal and external to our client's IT function. The candidate is expected to bring application security experience, allowing our client to meet its business needs.
Responsibilities
1. Perform security analysis of the application-related layers of systems by performing manual and automated security tests for a broad range of systems in the cloud and on-premises.
2. This includes utilizing manual and automated testing methods to find and exploit code flaws, misconfigurations, and insecure software.
3. Provide recommendations for remediation of identified security flaws and guide the system owners on how to remediate them.
4. Write clear and concise penetration testing reports detailing findings and recommendations.
5. Maintain detailed documentation of test procedures and related findings.
6. Keep cybersecurity training and knowledge current by monitoring the latest security threats and vulnerabilities.
Position Qualifications:
1. Security testing of custom solutions, integrations with ERP solutions and other commercial off-the-shelf solutions, application middleware (API, application servers, etc.), etc. that are on-premise and/or in the cloud, in web, fat client, or mobile form.
2. Practical working knowledge and use of:
- Penetration testing tools and frameworks such as Burp Suite, Metasploit, Nmap, AppScan, etc.
- Cloud and container technologies like Azure, Kubernetes, Azure Container Registry, etc.
- Java, C++, Python, HTML, JavaScript, PHP.
- Windows and UNIX operating systems and operation/configuration of common web servers such as Apache, etc.
- OWASP, WASC, SANS, CVE, and CVSS (Threat & Vulnerability classification).
3. Practical working knowledge of identifying and mitigating security weaknesses and incorporating security into the enterprise software development lifecycle, both agile and traditional waterfall.
4. Demonstrated knowledge of running a broad range of web application testing tools, identifying vulnerabilities as per SANS 25 or OWASP Top 10 specifications, and helping develop a platform-specific remediation plan.
5. Proven level of understanding of web application technologies.
6. In-depth knowledge of common website vulnerabilities.
Education and Certifications Required
- Bachelor's degree in information security, computer science, engineering, mathematics, business, or related field of study, plus a minimum of 5 to 10 years of relevant industry experience.
- CEH or CompTIA PenTest+ or CSSLP (minimum required)
- GIAC application security and/or pen testing related certifications (preferred)
- Offensive security related certifications (preferred)
Salary and Other Compensation:
The annual salary for this position is between $84,600 and $134,000, depending on experience and other qualifications of the successful candidate.
This position is also eligible for Cognizant’s discretionary annual incentive program and stock awards, based on performance and is subject to the terms of Cognizant’s applicable plans.
Benefits: Cognizant offers the following benefits for this position, subject to applicable eligibility requirements:
- Medical/Dental/Vision/Life Insurance
- Paid holidays plus Paid Time Off
- 401(k) plan and contributions
- Long-term/Short-term Disability
- Paid Parental Leave
- Employee Stock Purchase Plan
Disclaimer: The salary, other compensation, and benefits information is accurate as of the date of this posting. Cognizant reserves the right to modify this information at any time, subject to applicable law.