IS Senior Security Resilience Penetration Tester
ABB
Madrid, Spain
hace 5 horas

Working with Global Business Services, you will be responsible in delivering bespoke penetration testing of servers and applications to identify vulnerabil-ities and mitigating the potential impact of the exploitation of undetected or un-addressed vulnerabilities.

Designs and executes penetration tests that demonstrate how an adversary can either subvert the organization's security posture, goals or achieve specific adversarial objectives.

Manages and coordinates Resilience testing activities with other teams. Designs and maintains testing techniques and methodology to ensure tests are per-formed in accordance with them and provide Manager with an overview of ABB’s risk exposure from internal and external threats.

Interacts with other security departments with regards to assessing the risk deriving from the findings along with potential mitigations.

This position reports to

IS Application Security Manager

Your responsibilities

  • Coordinate external penetration testers conducting testing engagements on ABB assets, by scoping prospective engagements.
  • Coordinates and manages planning of penetration tests, within a defined area of business activity.
  • Delivers objective insights into the existence of vulnerabilities, the effective-ness of defenses and mitigating controls - both those already in place and those planned for future implementation.
  • Takes responsibility for integrity of testing activities and coordinates the execution of these activities.

  • Provides reports on progress, anomalies, risks and issues associated with the overall project. Reports on system quality and collects metrics on test cases.
  • Provides authoritative advice and guidance on the planning and execution of vulnerability tests.
  • Defines and communicates the test strategy, manages all test processes and report status to Application Security Manager.
  • Your background

  • Bachelor’s or Master’s degree in Information Technology, Computer Science, Software Engineering, or a related qualification, and / or proven capability through past employment experience
  • 8+ years of Information Security experience with at least 4 years in leading service delivery and security operations and at least 2 years in performing network / application penetration testing
  • Strong experience in security services operations from design, launch and maintenance. Services across network, endpoint security, datacenter / cloud etc.
  • Excellent written and verbal communication skills, and ability to present complex and technical issues to diverse audiences including senior management
  • ITIL 4 Foundation certification required,
  • CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager) or penetration testing related (required (e.
  • g. GPEN, GWAPT, OSCP, OSWE, eWPTX) certification preferred

  • Knowledge of networking fundamentals (all OSI layers). Thorough under-standing of network protocols, data on the wire, and covert channels.
  • Understanding of software exploitation (web, client-server and mobile) on modern operation systems. Familiarization with XSS, SSJS, filter bypassing, Injection, CSRF, etc.
  • Familiarity with interpreting log output from networking devices, operating systems and infrastructure services
  • Familiarity with common reconnaissance, exploitation, and post exploitation frameworks.
  • Practical experience in mobile and / or web application assessments, shell scripting or automation of simple tasks (using Perl, Python, or Ruby), developing exploits, reverse engineering malware, source code review for control flow and security flaws.
  • Strong attention to detail in conducting analysis combined with an ability to accurately record full documentation in support of their work.
  • Detailed knowledge of current international best practices in privacy.
  • Reportar esta oferta
    checkmark

    Thank you for reporting this job!

    Your feedback will help us improve the quality of our services.

    Inscribirse
    Mi Correo Electrónico
    Al hacer clic en la opción "Continuar", doy mi consentimiento para que neuvoo procese mis datos de conformidad con lo establecido en su Política de privacidad . Puedo darme de baja o retirar mi autorización en cualquier momento.
    Continuar
    Formulario de postulación