Your key responsibilities:
• Manage the execution of penetration tests performed by MSCI vendors.
• Under the direction of senior AppSec staff, perform internal penetration tests:
    • Identify and exploit vulnerabilities in applications
    • Document findings and recommend remediation strategies
• Collaborate with Cybersecurity and Engineering Teams to enhance security protocols.
• Conduct Security Assessments and Risk Analysis
• Develop and maintain security testing plans and protocols
• Develop and implement recommendations to enhance MSCI's pen testing process with particular attention paid to enhancing the MSCI application owner/staff and vendor experiences
• Develop and construct Python-based microservices on Azure and Google Cloud Platform (GCP) using modern API frameworks. Utilize suitable serverless compute options, Kubernetes, and application infrastructure components such as Application Gateway, Cosmos DB, Redis, and EventHub/Grid. Deploy these resources using Infrastructure-as-Code methods like Terraform and Atlantis.
• Perform operational tasks and engage in proactive research and exploration of new technologies aligned with team objectives
Your skills and experience that will help you excel
• Advanced skills in planning and conducting penetration testing activities for both applications and infrastructure, incorporating new tools and frameworks into pen-testing procedures, and assisting development teams in developing remediation options
• Intermediate knowledge of the design and development of software applications and microservices in Python
• A moderate understanding of modern cloud and on-premises infrastructure concepts, encompassing federated authentication and authorization (OAuth experience is beneficial), Active Directory, networking essentials (such as VNets, routing, switching, advanced firewalls), DNS management, databases, middleware, and Linux administration.
• Experience with cloud environments and configurations (Azure, GCP, AWS) is beneficial
• Strong understanding of network protocols, cryptography, and security vulnerabilities
• Strong written and verbal communication skills in English and basic project management skills
• A minimum of 4 years in a combination of penetration testing and application development roles with 1) at least 2 years of experience in a role whose primary responsibility is executing penetration tests, 2) at least 2 years of experience in a role that involved substantial execution of either application development or DevSecOps skills, and 3) at least 6 months of experience in a role that involved substantial configuration and maintenance of CI/CD pipelines
• Advanced cybersecurity certification (e.g., eJPT, eCPPT, OSCP, OSWA, GIAC GPEN, GIAC GWAPT) is a plus, but not a requirement. Strong knowledge of Linux is required (LPIC-1, LPIC-2 is preferred). A BS in Computer Science or Computer Engineering is additionally preferred
• Deep understanding of the different penetration testing tools (e.g., Metasploit, Burp Suite, Nessus) and a record or scorecard of cybersecurity-related Capture the Flag contributions (e.g., HackTheBox, PentesterLab)