Security Test Engineer (17-167) - 1

Security Test Engineer (17-167) - 1

Eden Prairie, MN 55343

Summary:

The client is looking for a security test engineer to join our growing team in “greenfield” development. We are looking for someone who has a passion for world-class software development, has a deep understanding of offensive security techniques, information security practices, and has knowledge across a wide range of technology stacks. This person will join us in caring about the customers who trust Spok to protect and secure their data. In this position you will be a key member of the team in communicating potential targets, security weaknesses, exploits, and vulnerabilities to our business and technical teams using both technical and non-technical terms that the business understands.

You might be a good fit if you enjoy learning new things, thinking outside the box and have an innate curiosity of how things work and how to solve problems.

Essential Duties and Responsibilities:

Define security testing approach and plan by working closely with architects and developers to ensure appropriate artifacts are built into test plans

Test and verify software security in compliance with technical reference architecture

Configure, run and monitor automated security testing tools

Analyze security test results, draw conclusions from results and develop targeted testing as deemed necessary

Troubleshoot and communicate issues that arise

Perform security research, analysis, and testing via threat modeling, vulnerability assessment, source code analysis, penetration testing, and/or social engineering across different applications, platforms and systems

Clearly outline and document risk impacts of test findings in reports

Present findings to bring all stakeholders to a common understanding of the security issues, risks, its impact and remediation plan

Revise documents as tactics and technics evolve to address new and emergent threats and trends

Educate our product teams on security best practices

Provide guidance on different areas of security technology, including: network security, platform security, authentication/authorization systems, application security, policy enforcement, and security frameworks

Proactively protect the integrity, confidentiality, and availability of information processed by and/or in the custody of the organization

Knowledge Skills, and Abilities: (Submission Summary)

Required Qualifications:

1. Bachelor's degree from a four-year college or university in Computer Science or Information Technologys or related field; or equivalent combination of education and experience.

2. 5-7 years hands on security testing or development experience

3. Must demonstrate passion for identifying and exploiting vulnerabilities

4. Knowledge of open source security testing standards and projects, including OWASP

5. Understanding of cloud computing models, technologies and concepts

6. Proven experience working with modern penetration testing tools and methods

7. Experience with Network, Application, Web, Mobile, Cloud, Social Engineering pen concepts

8. Windows/Linux/UNIX internals

9. Experience using scripting languages (Ruby, Perl, Python, PHP, etc.)

10. Experience using C++, JAVA, C#

11. Excellent documentation and reporting skills

12. Industry savvy, and has an ability to work independently or as part of a dynamic collaborative team

13. Recognized industry certifications in penetration testing preferred. (E.g. CEH, GPEN, OSCP CEPT or CISSP) - Desired

14. Prior experience with security audits/reviews, vulnerability assessment and risk assessment - Desired

15. Experience with AWS or Azure environments, dev ops, and automation - Desired

16. Experience with Docker or other container technologies - Desired

17. Experience working in an agile environment - Desired

18. Clinical/Healthcare experience is a plus - Desired

19. Present Salary?

20. Salary Expectation?

21. Must be a US Citizen or Green Card holder?