Security Tester Job Description
Security tester
provides vulnerability scanning and remediation guidance, PCI ASV scanning, false positive validation, compliance scanning and policy and standard creation.
Security Tester Duties & Responsibilities
To write an effective security tester job description, begin by listing detailed duties, responsibilities and expectations. We have included security tester job description templates that you can modify and use.
Sample responsibilities for this position include:
Demonstrates extensive expertise in information security, penetration testing, and engineering practices
Present written findings to teams, providing details of the vulnerabilities discovered recommended remediation steps
Analyze, disassemble, and reverse engineer code to discern weaknesses for exploitation
Document technical issues identified during security assessments and incidents and write reports
Follow up on implementation of corrective actions from assessments and incidents
Research security threats and attack vectors
Hack large enterprise scale systems
Be creative in approaches to solving problems
Independently plan and execute penetration tests that maximize the learning opportunity and value of those tests without putting the business at risk
Work with Development Managers to prioritize and execute remediation plans
Security Tester Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Security Tester
List any licenses or certifications required by the position: CREST, OSCP, CISSP, II, MCTS, IAT, GPEN, III, CEH, GWAPT
Education for Security Tester
Typically a job would require a certain level of education.
Employers hiring for the security tester job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Master's Degree in Computer Science, Technical, Engineering, Education, Information Security, Information Technology, Computer Engineering, Information Systems, Technology, Business
Skills for Security Tester
Desired skills for security tester include:
Application reverse engineering techniques and procedures
OWASP vulnerabilities
Tools and methodologies
PCI
PCI ASV and SSDLC
Systems integrity and confidentiality
Common scanning tools developing in house tools to improve delivery where necessary
DPA and ISO27001
Good security practice covering the physical and logical aspects of information products
HTTP
Desired experience for security tester includes:
Load Balancing (LB) using edge nodes
Strong knowledge of desktop, server, application, and network security principles for conducting comprehensive threat analysis and risk identification
Well versed in social engineering techniques and defenses
Strong knowledge of security engineering standards (OWASP), PKI, NIDS, HIDS, system hardening principles and investigative methods
Adept at building and breaking security controls across a wide variety of technologies and environments
Understanding of networking and Internet security concepts and protocols
Security Tester Examples
1
Security Tester Job Description
Job Description Example
Our innovative and growing company is looking to fill the role of security tester. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for security tester
- Execute penetration tests of complex applications, operating systems, wireless and wired networks, and mobile applications/devices utilizing the Pen Testing standard
- Successfully work independently in a fast paced and dynamic environment
- Collaborate with other technical, security, and compliance teams to strengthen the defensive capability of Nationwide
- Research and develop new attack methodologies and tools
- Constantly improve the capabilities of the penetration testing team
- Review and make recommendations on program-level documentation (e.g., requirements specification, system architecture, design documents, test plans, security plans)
- Perform requested penetration testing, evaluate and document results
- Report test findings to Senior JOTT Leadership – Penetration test results to include impact analysis findings
- Perform application-layer penetration testing against Corporate and customer software applications and webservices
- Conduct network and server layer penetration testing against Corporate Internet-facing and internal systems
Qualifications for security tester
- Degree from an accredited University/College or equivalent professional experience
- Prior experience in Red Team assessments or CBEST cyber attack simulations
- Ability to interact and provide constructive security remediation guidance provide business-oriented outlook and recommendations
- Basic understanding of encryption methods and how they are applied in an application environment
- Working knowledge of application security tools such as proxies, fuzzers, scanners, debuggers, simulators
- Familiarity with common web platforms Tomcat, .Net, AJAX, HTML5
2
Security Tester Job Description
Job Description Example
Our company is growing rapidly and is looking to fill the role of security tester. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for security tester
- Produces monthly exception and management reports when requested
- Communicates to increase awareness of applicable security policies and standards
- Assists and trains team members in the use of security tools, the preparation of security reports and the resolution of security issues
- Represents the security team on development and deployment projects and other formal work groups and committees
- Penetration testing and documentation
- Recommend threat mitigations and participate in remediation efforts as needed
- Projects, research and development work as needed
- Conduct dynamic application security testing using both manual and automated testing tools
- Review test results from tools
- Ensure that automated tests are completed successfully
Qualifications for security tester
- Perform manual verification of vulnerabilities to reduce false positives
- Knowledge of security attack methodologies, tools and processes
- Must possess security experience – a strong fundamental expertise and experience in security penetration testing / research, application architectures and technology, knowledge in OWASP Top 10 vulnerabilities, and web application vulnerabilities and web application business logic flaws and threats
- Versed in two or more programming and scripting languages such as HTML5, Java, Python, Ruby, Perl, Bash, PowerShell
- Minimum 5 years of experience in a client-facing position
- Hardware hacking
3
Security Tester Job Description
Job Description Example
Our growing company is hiring for a security tester. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for security tester
- Understand vulnerabilities and develop relevant exploits/payloads for use during Red Team activities
- Perform security risk assessment, threat analysis and threat modeling
- Perform independent reviews of OCC’s security, network, and applications
- Plan/Design/Execute security related artifacts and activities
- Stay on-time, on-budget, and within scope of testing activities
- Develop clear detailed reports and recommendations based on concrete evidence
- Debrief users and provide remediation strategy on findings
- Ensure alignment of security controls in OCC’s testing program and supporting services and related policies and procedures with applicable regulations and industry standard best practices
- Assist management with the improvement of policy and procedure to support Security Testing and Red Team activities other security duties which may arise
- Participate in developing security roadmap, adopt security best practices, and implement new ideas and innovations according to the industry trends
Qualifications for security tester
- Demonstrated experience in formal penetration testing, red team, ethical hacking of embedded systems, web applications and complex networked systems
- With great detail, document weaknesses and flaws in security that other people might miss
- A deep knowledge of web technologies, solutions and attack vectors that apply to application technologies
- Design, implement, and deploy integrated security testing tools
- Experience with cloud processes & cloud platforms
- Top tier security certifications
4
Security Tester Job Description
Job Description Example
Our innovative and growing company is hiring for a security tester. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for security tester
- Simulates malicious tactics of a motivated adversary with the intent of achieving a specific goal or access
- Perform technical security assessments, code audits and design reviews develop technical solutions to help mitigate security vulnerabilities
- Stay up to date and be an active participate in the overall cyber security industry
- Plan, assess, test, analyze, and report information on security vulnerabilities and possible exploitations present in a variety of complex and secure computer systems arrange fixes with the appropriate teams for identified issues
- Provide technical information system security testing in support of the appropriate security risk management processes using security assessment and technical testing efforts, including in-depth network and application vulnerability testing for automated and manual testing and demonstrable false positive validation
- Provide analytical support to the Security Operations team during investigations of attacker activity to help them understand malware behaviors and attack methods
- Develop documentation in support of testing efforts, including test plans, preliminary findings reports, security assessment reports, and other test artifacts, as required by the government
- Work with commercial and government open source vulnerability assessment tools and techniques used for evaluating operating systems, databases, and Web applications
- Contributes to the design, engineering and implementation of systems infrastructure
- Examine the Sponsor’s information systems to determine if vulnerabilities exists, and, if they are found, what mitigating strategies can be applied
Qualifications for security tester
- Professional certification is a distinct advantage (CEH, OSCP, GIAC CPEN, CREST CRT)
- BS degree in a technical discipline required
- Strong knowledge password storage and communication mechanisms (LM, NTLM, shadow)
- 2 years of experience in developing of the following languages - Go, SWIFT, Objective C , JAVA, or .NET
- Cobalt Strike
- Perform complex web application testing including custom assessments such as web services, and SAP based applications
5
Security Tester Job Description
Job Description Example
Our company is hiring for a security tester. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for security tester
- The employee will coordinate planning, scheduling, and testing of project in the Certification and Accreditation process
- Execute tests based on test plans with a focus on generating results that are reproducible and yield a reliable level of quality
- Report on results to provide a basis for white listing or blacklisting software tools and applications or configurations
- Setup and securely operate test environments to test
- Perform of mobile application security testing (Android & iOS) is a plus
- Source code review/Secure code review
- Responsible for performing operating system, network, 3rd party application and internally developed application penetration testing and vulnerability assessments
- Uplift our security champions program within the development organizations
- Create improvements to uplift vulnerability management program
- Web and mobile application penetration testing
Qualifications for security tester
- Complete security assessments
- Serve as a mentor for others on the team
- Share expertise to the team members to help increase their capabilities
- Advanced web vulnerability assessment and penetration testing experience
- Experience with web application scanners
- In depth knowledge of vulnerability handling and validation