Veracode is looking for a smart, energetic and motivated individual to add to our team of consultants. We are open to applicants at various career levels from mid-senior.
Key Responsibilities:
As a penetration tester on our team, you will:
Perform application penetration testing, vulnerability assessments and application source code review against custom-built software applications on Internet-facing and native systems
Identify and exploit vulnerabilities in applications
Document technical issues identified during security assessments utilizing standard CWE and CVSS classifications
Research emerging security topics and new attack vectors
Work independently to meet customer and project deadlines
Interact with customers in a collaborative, consultative manner to deliver results, provide feedback and remediation recommendations on penetration testing findings.
Leverage automated analysis techniques for efficient delivery of focused and comprehensive test formats.
Skills/Requirements
Required Knowledge/Skills/Abilities – All Applicants:
2+ years of Professional Web-Application Development or Source Code Review Experience
Development experience with multi-tiered Internet applications
Understands web architecture and protocols (HTTP(S), TCP/IP, ARP, SMTP, DNS, etc.)
Development and/or source code review experience in C/C++, C#, VB.NET, ASP, PHP, and Java
Understands how data flows through an application and connected components (SMTP, LDAP, Database servers)
Understanding of common software security issues and remediation techniques (OWASP Top 10, SANS Top 25, etc.)
Familiar with common Windows commands and scripting
Familiarity with general application and network security concepts
Strong technical writing skills
Excellent teaming and communication skills
Senior Level Applicants:
All of the above, plus:
5+ years of penetration testing in a consulting environment
3+ years of source code review in a consulting environment
Familiar with OWASP Top 10 and CWE/SANS Top 25 classification systems
Familiar with profiling an application, identifying threats, and developing test cases to target identified threats
Familiar with developing proof-of-concept exploit examples to use within reports or live demonstrations
Familiar with documenting and communicating results that may be consumed by both developers and management-level audiences
Familiar with testing not only web applications, but natively compiled applications, mobile applications, and web services
Familiar with writing tools to aid in penetration testing