CA Technologies Senior Penetration Tester - Web & Mobile Application Security in London, United Kingdom
Do you want to help eliminate barriers between ideas and business outcomes? We want you to bring your unique experiences and creative ideas to the table. CA Technologies provides software and solutions that help our customers to develop, manage, and secure complex IT environments to increase productivity and enhance competitiveness in their businesses. It’s our aim to encourage global collaboration and results-oriented innovation, while supporting and developing our talented people and our communities. CA Technologies will empower you to drive authentic success, for both the business and yourself in the application economy.
CA Veracode envisions a world where secure software is synonymous with great software, and where applications that matter are made to be secure from the start. We currently have a unique opportunity for a Senior Penetration Tester to join our Security Consulting team. This role can work remotely 100% of the time with infrequent travel to client or CA facilities as needed (5-10%). Our team is an experienced and highly skilled group of penetration testers that takes direction from some recognizable industry subject matter experts. We will consider experienced applicants at various career levels so read on to learn what we are looking for.
Perform application penetration testing and vulnerability assessments against custom built software applications on Internet-facing and native systems
Identify and exploit vulnerabilities in applications
Document technical issues identified during security assessments utilizing standard CWE and CVSS classifications
Research emerging security topics and new attack vectors
Work independently to meet customer and project deadlines
Interact with customers in a collaborative, consultative manner to deliver results, provide feedback and remediation recommendations on penetration testing findings.
Leverage CA Veracode’s automated analysis solutions for efficient delivery of focused and comprehensive test formats.
A year or more working in a “work from home” / remote capacity would be ideal.
Extensive experience of penetration testing, some of which should be specific application penetration testing in a consulting environment.
A focus on testing web and mobile applications.
Understanding of web architecture and protocols (HTTP(S), TCP/IP, ARP, SMTP, DNS, etc.).
Development and/or source code review experience in at least several of the following languages/Scripting languages: C/C++, C#, VB.NET, ASP, PHP, Python or Java.
Understanding of how data flows through an application and connected components (SMTP, LDAP, Database servers).
Understanding of common software security issues and remediation techniques (OWASP top 10, SANS top 25, etc.).
Familiar with common Windows/Linux commands and scripting.
Familiarity with general application and network security concepts.
Ability to communicate effectively, both in writing and verbally.
Ability to travel for company related events and potential onsite client work (5-10%).
Familiar with OWASP Top 10 and CWE/SANS Top 25 classification systems.
Familiar with profiling an application, identifying threats, and developing test cases to target identified threats.
Familiar with developing proof-of-concept exploit examples to use within reports or live demonstrations.
Familiar with documenting and communicating results that may be consumed by both developers and management-level audiences.
Familiar with testing web applications, natively compiled binary applications, mobile applications, and web services.
Familiar with using as many of the tools listed below (open to others not listed):
o Intercepting Proxies (e.g. Burp Suite, Charles, OWASP ZAP proxy, etc.).
o Web Service Testing Tools (e.g. soapUI).
o Disassemblers/Decompilers/Debuggers (IDA Pro, OllyDbg, WinDbg, jad, flare/flasm, SoThink SWF Decompiler, Firebug, etc.).
o IDEs (e.g. Visual Studio or Eclipse).
Degree from an accredited College or University in Computer Science, Information Systems, Engineering or a related major
Professional web-application development or source code review experience
Familiar with writing tools to aid in penetration testing.
Development experience with multi-tiered Internet applications
Development and/or architecture familiarity with mobile applications, specifically iOS, Android and Windows Mobile
Penetration testing and reverse engineering experience with embedded systems and hardware (e.g. IoT devices)
Experience developing custom scripts or tools used for vulnerability scanning and identification
Unix, Windows, or networking security experience
Development and/or source code review in Flash/Flex and SharePoint Technologies
Development and/or architecture familiarity with mobile applications, specifically Apple iOS and Android
More About Working at CA Technologies
CA has earned scores of global Workplace Excellence awards in the last few years – and there’s a reason for that. Here you’ll have the opportunity to eliminate barriers for our customers, and earn a competitive compensation and total rewards package – all while pushing the boundaries of what’s possible by collaborating with a diverse team of global innovators. In short, CA’s fun, diverse, and fast-paced culture has put us on the map as one of the best employers in Information Technology.
Learn more about CA Technologies and this opportunity now at http://ca.com/careers.