Fin-Tech, Payments, Security
About the client
My client is a Tech Security firm specializing in working with the Payments, Fintech and Financial sectors. Agile and Lean the firm operates across Europe with a growing number of the continents leading clients.
My client is looking for an experienced security test analyst with recent and relevant working experience as a software security tester. Security testing experience in a Payments or Fintech environment is advantageous You’ll be responsible for the execution of security tests on a wide variety of our clients internal and external facing applications.You also will assist with the continuous improvement of the processes critical to the success of our clients security teams.
Provide internal and external network penetration testing
Create actionable reporting based on findings, application testing, including black-, grey-, white box, code reviews and reverse engineering, software development advisory, network and software architecture reviews and guidance, social engineering, physical and red team engagements.
- B.S. in Computer Science or related technical major (M.S./PhD preferred), or significant job experience. Advantages to possess a valid (Current) ECPPT, OSCP, ECSA, Sans, GIAC Certification.
- Minimum 3 years penetration testing experience
- Knowledge of common web application penetration testing tools including, but not limited to Burp, Fiddler, OWASP Zap, BeEF, and at least one commercial solution (WebInspect, AppScan, or similar).
- Experience deploying enterprise security testing solutions.
- Familiarity with common network vulnerability / penetration testing tools including, but not limited to, Metasploit, vulnerability scanners, Kali Linux, and Nmap.
- Experience with debuggers, disassemblers, binary patch diffing (e.g. BinDiff).
- Experience with testing automation suites such as Cucumber, Jasmine, Selenium.
- Experience with cryptography, X509 certificates, signatures, securing TLS/SSL parameters, and certificate pinning.
- Technical depth in one of the following areas: Java EE, Node.js, Scala, iOS, Android OS, Windows Mobile, web services.
- Familiarity with Secure Development Lifecycle practices and Agile development with Continuous Delivery / Integration.
- Thought leadership in the security field, with demonstrable contributions to industry groups strongly desired.
- Willingness to travel
- Artful communication skills and organizational savvy, to steer peers and leadership toward solutions that carefully balance business, risk, compliance, and engineering concerns.
- Eagerness to challenge the status quo, balanced with a reasonable and methodical approach to effecting change.
- Interest in the financial sectors is a plus