RESPONSIBILITIES: Kforce has a client seeking a Security Technologist in Redmond, Washington (WA).
Our client is a cutting-edge provider of world-class software, solutions and services. Employing over 100,000 passionate people worldwide, they empower every person and every organization on the planet to achieve their dreams. Their best-in-class advancements in cloud, mobile, machine learning, and AI are changing the way people go about their lives. Doing business in 170 countries, our client is dedicated to fulfilling their mission of helping you and your organization achieve more around the world.
The client is looking for a talented, experienced web pen tester, developer, or technical PM to help incubate a new web-focused dynamic application security testing (DAST) offering within the company's Security Risk Detection. The role involves working with a large number of customers to understand their web technologies; tuning our prototype tooling to accommodate them (based on their architectural choices); successfully scanning and analyzing results; assisting customers with issue remediation; delivering a final report to the customer; summarizing the overall findings for internal discussion; and providing input to the product planning process.
- Degrees or certifications required - None
- Years of experience required - 5+ years
- Experience successfully running web security scanners - 4+ years
- Security assessments, penetration testing, vulnerability testing - able to take an application they do not know and, in a short time, tell all that is wrong with it - 4 years
- Web development - 1 year
- Best vs. average - Experience with DevOps - continuous integration and deployment
- Performance indicators - Queue of requests to scan: turnaround time (how fast they took the request and got the scan running), customer satisfaction with the scan, how many customers are able to self-service these
The ideal candidate will be familiar with many or most of the following:
Solid understanding of modern and legacy web architectures:
- Runtimes like Node.js, .NET, JVM
- Frameworks like MVC, ASP.NET, Angular, React, Knockout
- Web services using REST, JSON, XML, SOAP
- Authentication protocols like SSO, HTTP (Basic, Digest, NTLM), Kerberos, OAuth, TLS/X.509
- Test frameworks and technologies like Selenium, Protractor, macros, etc.
- Test tools like curl, Fiddler, Postman, F12, Wireshark, Metasploit, Kali, ZAP, Burp Suite, etc.
- Experience in defensive and offensive web security
- Basics - vulnerability classes like OWASP Top 10, keeping up to date with trends and threats
- Hardening - threat modeling, issue remediation, assessing least privilege
Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.