Job Title

Senior Security Test Engineer

Company Name
CyberArk Software Ltd
Job Type
Full-time
Qualification
Bachelor’s Degree
Experience
6 Years
Vacancies
1
Salary Offered
Not Disclosed
Job Category
Location
Hyderabad, Telangana, India
Job Description

Responsibilities:
Collaborate with engineering teams on architecting, implementing technologies, processes, and improvements around product security by performing threat models, penetrations tests, and sharing security expertise.
Develop security testing plans to identify misconfigurations, vulnerabilities, and visibility shortfalls.
Assist, mentor, and educate about internal secure development methodologies and CyberArk  "Security Champions" program.

CRITICAL SKILLS:
6+ years of experience working in the software development industry as a test engineer or an engineer with responsibilities relating to security.
Background in Whitebox penetration testing.
Bachelor’s degree in Computer Science, Computer Information Systems, Software Engineering, or Mathematics or a related field, or its equivalent.
Programming experience in one or more languages (Java, JavaScript, Python, Shell/BASH, C/C, C#).

DESIRABLE SKILLS:
OSCP certification a huge plus.
Experience with web application scanning tools (e.g. Static / Dynamic, Interactive, etc.) including Qualys WAS, Appspider, Acutenitx, Veracode, Burp Suite, Netsparker, OWASP Zap, Checkmarx, Whitesource, Snyk or similar.
Past development expertise or operational or consultative experience supporting application security teams.
Threat modeling experience.
Experience using source code management tools such as Perforce, GIT or equivalent.
Strong debugging skills and experience performing security code reviews.
Experience with Active Directory and/or LDAP.
Understanding of PKI, Certificate security, encryption, HTTPS.
Strong written and oral communication and collaboration skills, ability to collaborate effectively in team, across team and with management and other disciplines.
Experience working with product management, engineering and ops to help them buy into a potentially disruptive, but important, security update/change.
Demonstrated security research activities (e.g. participation in bug bounties or credit for reporting CVEs).
Working knowledge of cybersecurity frameworks and standard practices such as NIST Cybersecurity Framework, CSA, or OWASP.

Recruiter's Name
--
Telephone
--
Posted Date
November 02, 2022
Additional information

--