CoStar Group is looking for a Penetration Tester in Washington – Apply Here!


Senior Web Application Penetration Tester

Job Description

*OVERVIEW*

CoStar Group, Inc. (NASDAQ — CSGP) is commercial real estate's leading provider of information and analytic services. Founded in 1987, CoStar conducts expansive, ongoing research to produce and maintain the largest and most comprehensive database of real estate information. CoStar builds and operates over 50 websites serving 85 million site visitors each month. We have over 5000 employees across the world working to deliver comprehensive, timely and standardized information on commercial real estate, residential real estate, and apartments.

*Position Overview:*

In this role, you will secure software and applications that power the worldwide real estate market. Work with 1,000 software, QA, and operations engineers to secure code in the pipeline and at run time. The candidate will utilize threat modeling, white box application security analysis, and grey box penetration testing.

This position will collaborate with software development teams, DevOps, and security to drive and shape the way our employees and engineers build, deploy, and operate applications.

*ROLE RESPONSIBILITIES*

* Work with the software and product teams to help ensure applications are designed and implemented securely during the SDLC
* Develop a repeatable framework to scale application security controls across 100+ applications
* Manage a variety of application security tools (DAST, SAST, SCA, Credential Scanning, IAC scanning) at enterprise scale
* Penetration test web applications and underlying infrastructure for vulnerabilities using both manual and automated techniques
* Demonstrate risk of detected issues to both technical and non-technical audiences
* Utilize sustainable methods to automate the finding feedback loop, generating developer work items and triggering a re-scan when associated work items are closed
* Recommend code changes to eliminate vulnerabilities
* Automate security testing at various stages within the CI/CD pipeline
* Develop secure coding standards and training across multiple application frameworks and technologies
* Research emerging threats, vulnerabilities, and attack techniques

*BASIC QUALIFICATIONS:*

* Bachelor's Degree (preferably in a relevant field – Computer Science/Cyber Security)
* Minimum 5 years total experience in a technical role such as software engineer or security engineer with at least 2 years as a software developer

*Relevant experience areas (experience required in at least 3):*

* Design, implementation, and operation of a secure software development lifecycle
* Experience with web application penetration testing and common attack vectors
* Experience with secure application development
* Experience with defense-in-depth strategies to help mitigate existing risk within applications
* Software development experience in a common programming language: C# (preferred), Java, C/C++, Python, or Go
* Scripting/programming skills – Python, PowerShell, GoLang, Perl, JavaScript, .NET, API Integration
* Security tooling automation in CI/CD pipelines and IDE interfaces including Static Application Security Testing (SAST) and Static Application Analysis (SCA) solutions such as Veracode, CheckMarx, AppScan, X-Ray, Synopsys, or Snyk
* Dynamic application security testing (DAST) through Metasploit, Burpsuite, OWASP ZAP, Acunetix, etc.
* Industry relevant professional certifications:
  * ISC-2 CISSP
  * Offensive Security Web Assessor (OSWA) / Expert (OSWE)
  * Offensive Security Certified Professional (OSCP / OSCE)
  * SANS GIAC Penetration Tester (GPEN)
  * SANS GIAC Cloud Penetration Tester (GCPN)
  * SANS GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)

*PREFERRED QUALIFICATIONS AND SKILLS*

* In-depth understanding of various assessment tools
* Knowledge of infrastructure operations across databases, network, and system administration
* Ability to communicate with different levels of leadership, conveying risk and driving urgency for risk remediation
* Experience coordinating with application teams to drive security by design principles
* Ability to mentor and train team members to prioritize security efforts effectively
* A self-starter who can advance the application security program and follow through on ideas to completion
* Hands-on experience implementing security tools into CI/CD pipelines
* Experience testing serverless cloud deployments

CoStar Group is an Equal Employment Opportunity Employer; we maintain a drug-free workplace and perform pre-employment substance abuse testing.
