As a security testing engineer (pentester), you will help EPAM's clients assess the security level of their infrastructure, web and mobile applications. This position requires advanced technical depth and experience, technical leadership, and multi-faceted communication skills. Scope and tasks may vary depending on the customer's needs. You may be involved in the full project security lifecycle, from analysis and planning to development and deployment, as well as assisting with pre-sales opportunities and delivering security-related training. Along with this, you may be engaged to perform short-term pentests that require you to act as an insider (internal penetration test) or to perform an external penetration test, in which you will simulate an attack via the Internet.
- Scope and estimate tasks, and manage multiple tasks with minimal supervision.
- Conduct vulnerability assessments and penetration testing.
- Collaborate with technical and management personnel across the full security assessment life cycle.
- Apply problem-solving skills, especially when troubleshooting complex issues and identifying options and/or alternatives.
- Document all disclosed issues using different reporting formats.
- Provide remediation suggestions to correct disclosed issues.
- Prepare cumulative reports with the results of security assessments.
- Collaborate with personnel responsible for writing and presenting proposals to prospective clients.
- Manage and contribute to planning, coordination and successful completion of security engagements.
- At least 1 year of practical, proven experience in security domains.
- Ability to evaluate application requirements, processes and technologies.
- Ability to select, educate and communicate the right solution based on client requirements and objectives.
- Experience with different scanners, exploitation tools and frameworks.
- Ability to resolve technical problems when required.
- Ability to develop custom scripts needed for specific assessment purposes (Python, bash, PowerShell).
- Ability to explain assessment results to technical and non-technical personnel.
- Experience in development of technical reports and other security-related documentation.
- Experience in security testing of Web Applications and Web Services.
- Certification in the security field.
- Experience in security testing of Mobile Applications (iOS, Android).
- Experience in security testing of infrastructure.
- Understanding of and practical experience in the security audit process, meeting security compliance requirements (ISO, PCI DSS, HIPAA) and methodologies (OSSTMM, OWASP, PTES).
- Previous experience as a software engineer, or knowledge of software development methodologies, is desired but not mandatory.
- Ability to develop, implement and guide the security assessment process on the project.
LINK TO APPLY: