Security Tester Job Description
Security Tester Duties & Responsibilities
To write an effective security tester job description, begin by listing detailed duties, responsibilities and expectations. We have included security tester job description templates that you can modify and use.
Sample responsibilities for this position include:
Security Tester Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Security Tester
List any licenses or certifications required by the position: CREST, OSCP, CISSP, II, MCTS, IAT, GPEN, III, CEH, GWAPT
Education for Security Tester
Typically a job would require a certain level of education.
Employers hiring for the security tester job most commonly prefer that their future employee have a relevant degree, such as a Bachelor's and Master's Degree in Computer Science, Technical, Engineering, Education, Information Security, Information Technology, Computer Engineering, Information Systems, Technology, Business.
Skills for Security Tester
Desired skills for security tester include:
Desired experience for security tester includes:
Security Tester Examples
Security Tester Job Description
- Execute penetration tests of complex applications, operating systems, wireless and wired networks, and mobile applications/devices utilizing the Pen Testing standard
- Successfully work independently in a fast-paced and dynamic environment
- Collaborate with other technical, security, and compliance teams to strengthen the defensive capability of Nationwide
- Research and develop new attack methodologies and tools
- Constantly improve the capabilities of the penetration testing team
- Review and make recommendations on program-level documentation (e.g., requirements specification, system architecture, design documents, test plans, security plans)
- Perform requested penetration testing, evaluate and document results
- Report test findings to Senior JOTT Leadership – Penetration test results to include impact analysis findings
- Perform application-layer penetration testing against Corporate and customer software applications and webservices
- Conduct network and server layer penetration testing against Corporate Internet-facing and internal systems
- Degree from an accredited University/College or equivalent professional experience
- Prior experience in Red Team assessments or CBEST cyber attack simulations
- Ability to interact and provide constructive security remediation guidance, and to provide a business-oriented outlook and recommendations
- Basic understanding of encryption methods and how they are applied in an application environment
- Working knowledge of application security tools such as proxies, fuzzers, scanners, debuggers, simulators
- Familiarity with common web platforms (Tomcat, .Net, AJAX, HTML5)
Security Tester Job Description
- Produces monthly exception and management reports when requested
- Communicates to increase awareness of applicable security policies and standards
- Assists and trains team members in the use of security tools, the preparation of security reports and the resolution of security issues
- Represents the security team on development and deployment projects and other formal work groups and committees
- Penetration testing and documentation
- Recommend threat mitigations and participate in remediation efforts as needed
- Projects, research and development work as needed
- Conduct dynamic application security testing using both manual and automated testing tools
- Review test results from tools
- Ensure that automated tests are completed successfully
- Perform manual verification of vulnerabilities to reduce false positives
- Knowledge of security attack methodologies, tools and processes
- Must possess security experience: strong fundamental expertise and experience in security penetration testing/research, application architectures and technology, and knowledge of OWASP Top 10 vulnerabilities, web application vulnerabilities, and web application business logic flaws and threats
- Versed in two or more programming and scripting languages such as HTML5, Java, Python, Ruby, Perl, Bash, PowerShell
- Minimum 5 years of experience in a client-facing position
- Hardware hacking
Security Tester Job Description
- Understand vulnerabilities and develop relevant exploits/payloads for use during Red Team activities
- Perform security risk assessment, threat analysis and threat modeling
- Perform independent reviews of OCC’s security, network, and applications
- Plan/Design/Execute security related artifacts and activities
- Stay on-time, on-budget, and within scope of testing activities
- Develop clear detailed reports and recommendations based on concrete evidence
- Debrief users and provide remediation strategy on findings
- Ensure alignment of security controls in OCC’s testing program and supporting services and related policies and procedures with applicable regulations and industry standard best practices
- Assist management with the improvement of policy and procedure to support Security Testing and Red Team activities, and with other security duties which may arise
- Participate in developing security roadmap, adopt security best practices, and implement new ideas and innovations according to the industry trends
- Demonstrated experience in formal penetration testing, red team, ethical hacking of embedded systems, web applications and complex networked systems
- With great detail, document weaknesses and flaws in security that other people might miss
- A deep knowledge of web technologies, solutions and attack vectors that apply to application technologies
- Design, implement, and deploy integrated security testing tools
- Experience with cloud processes & cloud platforms
- Top tier security certifications
Security Tester Job Description
- Simulates malicious tactics of a motivated adversary with the intent of achieving a specific goal or access
- Perform technical security assessments, code audits and design reviews; develop technical solutions to help mitigate security vulnerabilities
- Stay up to date and be an active participant in the overall cyber security industry
- Plan, assess, test, analyze, and report information on security vulnerabilities and possible exploitations present in a variety of complex and secure computer systems; arrange fixes with the appropriate teams for identified issues
- Provide technical information system security testing in support of the appropriate security risk management processes using security assessment and technical testing efforts, including in-depth network and application vulnerability testing for automated and manual testing and demonstrable false positive validation
- Provide analytical support to the Security Operations team during investigations of attacker activity to help them understand malware behaviors and attack methods
- Develop documentation in support of testing efforts, including test plans, preliminary findings reports, security assessment reports, and other test artifacts, as required by the government
- Work with commercial and government open source vulnerability assessment tools and techniques used for evaluating operating systems, databases, and Web applications
- Contributes to the design, engineering and implementation of systems infrastructure
- Examine the Sponsor’s information systems to determine if vulnerabilities exist, and, if they are found, what mitigating strategies can be applied
- Professional certification is a distinct advantage (CEH, OSCP, GIAC CPEN, CREST CRT)
- BS degree in a technical discipline required
- Strong knowledge of password storage and communication mechanisms (LM, NTLM, shadow)
- 2 years of experience developing in the following languages: Go, Swift, Objective-C, Java, or .NET
- Cobalt Strike
- Perform complex web application testing including custom assessments such as web services, and SAP based applications
Security Tester Job Description
- The employee will coordinate planning, scheduling, and testing of projects in the Certification and Accreditation process
- Execute tests based on test plans with a focus on generating results that are reproducible and yield a reliable level of quality
- Report on results to provide a basis for white listing or blacklisting software tools and applications or configurations
- Set up and securely operate test environments to test
- Performance of mobile application security testing (Android & iOS) is a plus
- Source code review/Secure code review
- Responsible for performing operating system, network, 3rd party application and internally developed application penetration testing and vulnerability assessments
- Uplift our security champions program within the development organizations
- Create improvements to uplift vulnerability management program
- Web and mobile application penetration testing
- Complete security assessments
- Serve as a mentor for others on the team
- Share expertise with team members to help increase their capabilities
- Advanced web vulnerability assessment and penetration testing experience
- Experience with web application scanners
- In-depth knowledge of vulnerability handling and validation