Web Application Penetration Tester


Website CoStar Realty Information, Inc.

Job Description
OVERVIEW
CoStar Group, Inc. (NASDAQ: CSGP) (www.costar.com) is commercial real estate's leading provider of information and analytic services. Founded in 1987, CoStar conducts expansive, ongoing research to produce and maintain the largest and most comprehensive database of real estate information. CoStar builds and operates over 50 websites serving 85 million site visitors each month. We have over 5,000 employees across the world working to deliver comprehensive, timely and standardized information on commercial real estate, residential real estate, and apartments.

Position Overview:
In this role, you will secure the software and applications that power the worldwide real estate market. You will work with 1,000 software, QA, and operations engineers to secure code in the pipeline and at run time. The candidate will use threat modeling, white-box application security analysis, and grey-box penetration testing. This position will collaborate with software development teams, DevOps, and security to drive and shape the way our employees and engineers build, deploy, and operate applications.
ROLE RESPONSIBILITIES
+ Work with the software and product teams to help ensure applications are designed and implemented securely during the SDLC
+ Develop a repeatable framework to scale application security controls across 100+ applications
+ Manage a variety of application security tools (DAST, SAST, SCA, credential scanning, IaC scanning) at enterprise scale
+ Penetration test web applications and underlying infrastructure for vulnerabilities using both manual and automated techniques
+ Demonstrate risk of detected issues to both technical and non-technical audiences
+ Use sustainable methods to automate the finding feedback loop: generate developer work items from findings and trigger a re-scan when the associated work items are closed
+ Recommend code changes to eliminate vulnerabilities
+ Automate security testing at various stages within the CI/CD pipeline
+ Develop secure coding standards and training across multiple application frameworks and technologies
+ Research emerging threats, vulnerabilities, and attack techniques
BASIC QUALIFICATIONS:
+ Bachelor’s Degree (preferably in a relevant field – Computer Science/Cyber Security)
+ Minimum 3 years total experience in a technical role such as software engineer or security engineer with at least 1 year as a software developer
Relevant experience areas (experience required in at least 3):
+ Design, implementation, and operation of a secure software development lifecycle
+ Experience with web application penetration testing and common attack vectors
+ Experience with secure application development
+ Experience with defense-in-depth strategies to help mitigate existing risk within applications
+ Software development experience in a common programming language: C# (preferred), Java, C/C++, Python, or Go
+ Scripting/programming skills – Python, PowerShell, Go, Perl, JavaScript, .NET, API integration
+ Security tooling automation in CI/CD pipelines and IDE integrations, including Static Application Security Testing (SAST) and Software Composition Analysis (SCA) solutions such as Veracode, Checkmarx, AppScan, JFrog Xray, Synopsys, or Snyk
+ Dynamic application security testing (DAST) and exploitation tooling such as Burp Suite, OWASP ZAP, Acunetix, Metasploit, etc.
+ Industry-relevant professional certifications:
  + ISC2 CISSP
  + Offensive Security Web Assessor (OSWA) / Web Expert (OSWE)
  + Offensive Security Certified Professional (OSCP) / Certified Expert (OSCE)
  + SANS GIAC Penetration Tester (GPEN)
  + SANS GIAC Cloud Penetration Tester (GCPN)
  + SANS GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
PREFERRED QUALIFICATIONS AND SKILLS
+ In-depth understanding of various assessment tools
+ Knowledge of infrastructure operations across databases, network, and system administration
+ Ability to communicate with different levels of leadership conveying risk and driving urgency for risk remediation
+ Experience coordinating with application teams to drive security by design principles
+ Ability to mentor and train team members to prioritize security efforts effectively
+ A self-starter who can advance the application security program and follow ideas through to completion
+ Hands-on experience implementing security tools into CI/CD pipelines
+ Experience testing serverless cloud deployments
CoStar Group is an Equal Employment Opportunity Employer; we maintain a drug-free workplace and perform pre-employment substance abuse testing.

To apply for this job please visit www.recruit.net.
