We are searching a security testing expert or security analyst, with experience in auditing web applications and ethical hacking projects, for our company security Research & Security team.
The candidate would be the technical reference for the others Security Testing Analysis of the R&S team.
The main tasks will be:
-Security assessment of our own software solutions, mainly web applications / electronic voting platforms.
-Security assessment of third-party platforms such as partners and third-party components.
-Integration with the Software Development Team and Quality Assurance Team for in the definition and control of the company “Secure Software Development Life Cycle” (S-SDLC) strategy.
-Intensive web application testing, automated vulnerability assessments, source code analysis for security testing purposes, and penetration testing in general.
-Automate the security tests and integrate the automated testing environments within the S-SDLC process.
-Research for security vulnerabilities in opensource applications.
-Research for new defensive security mechanisms related to software.
-Participation in the research, analysis and design of new advanced security mechanisms for the company developed solutions.
-Participation in the publication and diffusion (e.g., conference presentations) of the research effort results and contribution of the company in security matters.
-A person with high-interest in developing his/her career in computer security, with a strong security mindset.
-Computing or Telecommunications Engineer / BSc are preferred; other university studies such as Physics or Mathematics are accepted.
-Minimum 4-5 years of experience in Security Audits, mainly performing web application audits.
-Enough programming knowledge to prepare scripts, automatize tests, create the applications that might require for the tests, and understand software source code.
-Knowledge of methodologies and security standards such as OWASP, OSSTMM, CWE/SANS.
-Experience in using automated security testing tools.
-Team working skills.
-Fluent in technical English, spoken and written.
-Occasionally, availability for international travels.
Extra points for:
-Previous experience in Security Services firms (advisory or audit).
-Security certifications such as CEH, CISSP, or OCSP.
-Experience in using HP Fortify SCA.
-Knowledge of Software Engineering or experience working in software development companies.
-Knowledge of basic cryptography: symmetric and asymmetric cryptography, and communications protocols.
-Experience in System Administration and Web Application Firewalls.
-Other languages are an advantage.
-International working environment.
-Creative and results focused team.
-Opportunity to be part of the worldwide leader in its market.
-Great office in Barcelona center.
Esta oferta de empleo está cerrada.
- Security Testing Analyst
- Scytl Secure Electronic Voting
- Barcelona, España
- Undisclosed salary