Product Security Test Engineer

in Morrisville, NC

Job #:275358

Practice Area: IT

Date Posted: 08/20/2019


Job Title:  Product Security Test Engineer
Location:  Remote
Industry:  IT, Security
Terms:  Permanent
Compensation:  $120k - 160k/yr + bonus (Commensurate with experience)
Requirements:  System hardening, Penetration Tester, Vulnerability Assessment, Red Teaming, Strategic Planning, Systems Assessment, Leadership

How to Apply:
For immediate attention please apply online and send a text message or leave a voicemail for Sia Kennedy at (919) 287-3972

 
Job Summary:
In this role you will support growing and evolving product security assessment needs, joining an established team responsible for securing an expanding product portfolio.  This position is well suited to candidates that thrive on challenges, with each day presenting opportunities for leveraging and refining your ethical hacking skills, solving new problems, learning new things, or working with new teams, suppliers, partners or technologies.  This is not a role for candidates that do best when single tasking or focusing on cradle-to-grave projects.  Potential exists for this position to evolve into a team lead or hybrid execution + management position for the right candidate.

Job Responsibilities:

• Working with global product teams to understand their products and devise appropriate security assessment approaches
• Installing, configuring, and using products, tools, and operating systems
• Conducting product security assessments, analyzing weaknesses, formulating mitigations or remediation measures, documenting findings, and working with global product teams to ensure proper corrective actions are implemented
• Identifying the root cause of recurring issues and working with management and the larger data center team Product Security Office team to address them programmatically
• Assessing risk and prioritizing mitigation and remediation activities
• Serving as a security subject matter expert and technical leader to internal and external product teams, suppliers, partners, security researchers, and business leaders
• Researching, identifying, developing, and/or customizing tools, tactics, and procedures for enhancing security assessment effectiveness
• Staying current on threats, vulnerabilities, attack techniques, new tools, and industry trends
• Facilitating, supporting, and managing assessments performed by our 3rd-party security partners
• Mentoring product security test engineers
• Supporting secure development lifecycle initiatives
• Supporting the data center team Product Security Office and Security Architectural Review Board


Job Requirements:
Basic Qualifications:
• Bachelor’s degree in information security, computer science, engineering, MIS, or similar degree programs
• Seven-plus (7+) years of practical experience assessing and securing products that power data center and cloud environments – such as embedded systems, firmware, application software, APIs, web applications, network storage solutions, operating systems, etc.
• Expertise in hands-on technical security assessments (e.g., penetration testing, vulnerability assessment, red teaming, etc.)
• Deep understanding of security weaknesses, identification, exploitation, and remediation
• Mastery of security assessment tools and helpers, such as Burp Suite Pro, curl, IDA Pro, Kali, Metasploit, Nessus, nmap, Wireshark, and similar
• Mastery of security foundations such as authentication, hardening, least privilege, attack surface reduction, protection rings, cryptography use, static analysis, dynamic analysis, fuzzing, CVSS, CWE, OWASP/SANS/CIS Top X, etc.
• Deep knowledge of and comfort with TCP/IP, including using and securing fundamental networking protocols such as TCP, UDP, ICMP, DNS, HTTP, HTTPS, SSH, etc.
• Understanding and applied use of security standards such as NIST SP800-series, NIST Cybersecurity Framework, FIPS 140-2, Common Criteria, FISMA/FedRAMP, ISO 27000, PCI-DSS, CIS Benchmarks, and similar
• Moderate programming and/or scripting skills in at least one modern programming language

Preferred Skills and Experience:
• Reverse engineering binary code
• Performing code reviews and reviewing the results of static analysis tools
• Working with geo-diverse teams across different time zones
• Strong collaboration skills over application sharing platforms and teleconferencing
• Technical consulting background
• Security certifications: CISSP, CSSLP, CEH, OSCP, or similar desired
• Ability to install, configure, and use products, tools, and operating systems

Key Personal Traits:
• Self-motivated and results driven, able to effectively work independently or as part of a team, able to motivate and cultivate collaborative relationships
• A strong technical leader to internal and external teams, suppliers, partners, and security researchers, with the ability to persuade and influence
• A critical thinker and problem solver, who is naturally curious and a consummate learner
• A good communicator, capable of clearly explaining and documenting security findings and mitigations
• Able to navigate sometimes contentious situations and successfully resolve conflicts with respect and professionalism
• Adept at multi-tasking and achieving results in a high-pressure environment while adapting to fluid business demands


Job Key Words

  • Penetration Testing
  • Vulnerability Assessment
  • Red Teaming
  • Strategic Planning
  • Systems Assessment
  • Leadership

Frequently Asked Questions:
Benefits?  Yes, provided by the client
Remote Workers?  Yes, remote workers are being considered
Visa Sponsorship?  Not offered
Corp-to-Corp?  Not eligible
 
 
ettain group is a talent solutions company dedicated to matching people with the most relevant employment opportunities in IT, healthcare IT and the digital creative space. Top employers and highly skilled talent throughout the U.S. select ettain group for a better recruitment experience. Our culture empowers teams with the flexibility to deliver a superior candidate experience and client experience using market intelligence. We recruit resources, own projects and manage programs to offer a wide range of IT development and talent solutions to our clients and candidates. To learn more about ettain group visit www.ettaingroup.com. To explore more job opportunities with ettain group, visit www.ettaingroup.com/job-board.aspx