Software Security Tester
Graduate job Andover (Essex County) Design / Civil engineering / Industrial engineering
Job description
Join Schneider Electric and power your career!
Discover the opportunity to join an international, dynamic, and responsible company that fosters the development of all its people around the world. Every day, we empower employees to achieve more and experience exciting careers. Find out how our values and unique position make Schneider Electric the employer of choice.
Location: Andover, MA
Title: Software Security Tester - Digital Services Platform
Schneider Electric is connecting millions of smart devices from buildings, data centers, industrial plants, and infrastructure to the cloud to provide innovative solutions to address sustainability and reduce costs. We are looking for a talented security tester to join our team.
This position is well suited for a creative and imaginative individual who enjoys designing their own tests in a fast-paced environment. 2+ years of experience with security testing tools, network vulnerability assessments, and penetration testing is required.
Responsibilities:
The successful candidate's primary responsibility is to verify the security of Schneider's cloud platform. Responsibilities include performing web app/service penetration testing, web app/service vulnerability scanning (automating as much as possible), and vulnerability assessments of Azure IaaS (virtual machines, VNETs, gateways, etc). The position entails working collaboratively with the Cybersecurity Architect, software architects, QA engineers, and developers to understand the software and design comprehensive and effective security tests.
Additional responsibilities may include, but is not limited to:
· Prepare assessment reports and recommend risk mitigations to improve the cyber security posture of the cloud platform
· Create and maintain security test documentation and other collateral
· Security test automation
· Maintain working knowledge of emerging exploits and security risks
· Evaluate and recommend security testing tools
· Privacy testing
· Social engineering testing
Qualifications
· BA/BS in Computer Science or Computer/Electrical Engineering (or equivalent)
· 2+ years of experience with penetration testing / vulnerability testing / ethical hacking methods
· 2+ years of experience with security testing tools (for example, Fiddler, Nessus, Metasploit, nmap, BurpSuite, etc.)
· Possess one or more of GWEB, GPEN, GWAPT, OSCP, or CEH (or equivalent) certifications
· Knowledge of security risks to web applications, mobile, web services, and cloud platforms
· Ability to quickly comprehend software designs and threat models
· Demonstrated ability to analyze problems and identify solutions
· Demonstrated use of creativity and imagination to design effective security tests and exploits
· Self-starter and team player; ability to work independently and drive initiatives
· Strong writing and communication skills, including the ability to render concise reports, summaries, and presentations
· Knowledge of open security testing standards and projects, including OWASP
· Familiarity with Security Development Lifecycle (SDL) practices
· Familiarity with privacy standards and regulations a plus
· Familiarity with one or more of the following technologies: RESTful web services, ASP.NET, C#, Node.js, SQL, NoSQL (MongoDB, for example), OAuth 2, OpenID Connect, Microsoft Azure, and network ports, protocols, and services
· Background in web application/service development is a plus
Desired profile
Desired Skills & Experience
Qualifications
· BA/BS in Computer Science or Computer/Electrical Engineering (or equivalent)
· 2+ years of experience with penetration testing / vulnerability testing / ethical hacking methods
· 2+ years of experience with security testing tools (for example, Fiddler, Nessus, Metasploit, nmap, BurpSuite, etc.)
· Possess one or more of GWEB, GPEN, GWAPT, OSCP, or CEH (or equivalent) certifications
· Knowledge of security risks to web applications, mobile, web services, and cloud platforms
· Ability to quickly comprehend software designs and threat models
· Demonstrated ability to analyze problems and identify solutions
· Demonstrated use of creativity and imagination to design effective security tests and exploits
· Self-starter and team player; ability to work independently and drive initiatives
· Strong writing and communication skills, including the ability to render concise reports, summaries, and presentations
· Knowledge of open security testing standards and projects, including OWASP
· Familiarity with Security Development Lifecycle (SDL) practices
· Familiarity with privacy standards and regulations a plus
· Familiarity with one or more of the following technologies: RESTful web services, ASP.NET, C#, Node.js, SQL, NoSQL (MongoDB, for example), OAuth 2, OpenID Connect, Microsoft Azure, and network ports, protocols, and services
· Background in web application/service development is a plus
About Schneider Electric
Care. Connect. Challenge. Commit.
Our values define our company. Who we are, our customer approach, how we do business, what it's like to work here, and the kind of people we want to attract and retain. We care for our planet, our customers, our company, our team, and ourselves. We connect to customers and colleagues; we are open and respectful. We challenge others and embrace challenges ourselves. We commit to change by leading the change.
At Schneider Electric, because we value our employees, we offer a competitive benefits package that includes medical, dental and vision, matching 401(k), training and development opportunities and much more. Join Schneider Electric and together, let's make the most of your energy.