Application Security Engineer - (Penetration Testing)

  • Highlands Ranch, CO, USA
  • Full-time

Company Description

The successful candidate will be part of a global team to design and develop Test designs and Test cases for the Issuer processing Quality Assurance Organization. Perform Functional and Automation testing for Debit Processing Services applications. Should have detailed analytical skills and good understanding of the test methodologies and be able to interface directly and take decisions with staff members of Quality Assurance, Product Management, Project Management, and Development.

Job Description

We are recruiting an AppSec Engineer to bring blue-sky thinking to one of our key strategic products. Working with a team of talented Engineers you will be at the forefront of revolutionizing the test approach and strategy for one of our integral product offerings. This team is primarily passionate about performance, scalability and high availability and requires a talented QA Engineer to shape and drive its testing strategy.

As a Lead/Staff QA Engineer you will be responsible for:

-  AppSec Engineer

-  Penetration Testing

-  Establishing, leading and executing the testing strategy at team level

-  Being the voice for testing in the design and roll out of our application and services

-  Partnering with your technical counterparts to deliver world-class products

-  Embracing Agile to inspire change and continuous improvement throughout the delivery process

-  Championing the importance of quality in all aspects of the delivery lifecycle

-  Channeling your creative and innovative mindset to continually evolve and enhance the test strategy and processes

-  Taking a “hands-on” role in both the creation and execution of manual and automated test cases

-  Functional, non-functional, integration and regression testing of CyberSource’s portfolio of products

-  Investing appropriately in process changes, automation, tools etc. to reduce, improve and simplify the overall QA effort for the product

-  People Development: Training and mentoring our talented QA Engineers to nurture and refine their testing mindset and skills

-  Instigating and contributing to quality centric change initiatives within CyberSource at both a local and global level

-  Be at their best when they are collaborating with a high performing team

-  Be inquisitive in nature and innovative in their approach regarding how to maximize quality

-  Be equally comfortable in creating and executing manual and automated tests

-  Be an established self-starter who possesses a relentless drive to initiate change, raise the technical bar and deliver results

-  Have shown experience in testing with a creative edge, showcasing strong problem-solving skills and excellent judgement

-  Have proven experience in leading QA effort on large-scale software projects or deliverables

-  Be confident in testing APIs, Web Services and Batching applications

-  Be a passionate advocate for nurturing talent within CyberSource NI through career management, coaching and mentoring etc.

-  Have exposure to Linux/Unix/Scripting Languages (Java preferable) and Oracle DB

-  Have a BS in Software Engineering/Computer Science/IS, or other related field with demonstrable experience in hands on testing

CyberSource is an equal opportunities employer.

• Provide accurate and timely reporting of findings and proposed remediation
and mitigations.

• Technical support could include but not limited to the following: (1) Audit
support & remediation, (2) Process Improvement, (3) Analysis &
Reporting, (4) Cross Divisional Functional education, training and awareness,
(5) Function/Methodology/Strategy advancement.

• Provide technical support to senior management in identifying and
streamlining new/existing protocols and tools used by the penetration testing

• Develop and automate scripts, tools and resources needed to advance ethical
hacking capabilities around new and emerging technologies like mobile, cloud
and embedded systems.

• Actively involved in security research around new and emerging technologies.



• Bachelor's Degree (or equivalent)
in Computer Science, Information Security or a related field

• At least 5 - 8 years of progressive experience with increasing responsibility
in Information Technology, Information Security and Compliance that includes a
combination of technical and project leadership responsibilities

• Prior experience or expertise performing application and infrastructure
pentests (penetration testing)

• Experience in writing proof-of-concept exploits

• Well versed in system exploits (e.g. Buffer Overflows, PTH attacks, windows
authentication framework etc.), network exploitation (e.g. VLAN hopping) or web
application exploitation

• Well versed with security tools & frameworks like Metasploit, Core,
Canvas, AppScan, WebInspect, etc.

• Proficiency in one or more scripting language. E.g. Perl, Python, Shell Scripting

• Good interpersonal, facilitation, and demonstrated emerging leadership skills

• Able to operate at an advanced level of written and spoken communication;
write and speak effectively with impact

• Good understanding of Ethernet, switched LAN and WAN environment and detailed
understanding of layer 3 and layer 4 specifications, including IP, TCP, TCP/IP
routing protocols and management of ACLs.

• Knowledge of logical / physical access control methods, connections
alternatives using private, public and wireless solutions, Network/Host
Intrusion Detection Engines, Vulnerability Management Tools, Patch Management
Tools, Penetration Testing Tools, Anti-Virus/Anti-Spyware solutions

• Conducts complex analytical functions by performing security assessments and
ethical hacks of high risk sensitive applications

Additional Information

All your information will be kept confidential according to EEO guidelines.

Privacy Policy