Application security tester
country: mexico
*grupo santande *r es el banco líder que a través de más de 160 años de reinvención, ha llegado a ser una organización sin fronteras con presencia en más de 40 países, 95 nacionalidades y equipos multiculturales que comparten 4 idiomas. Lo importante para nosotros son nuestros clientes, colaboradores, accionistas y la sociedad, como parte de nuestra misión, que es contribuir al progreso de las personas y empresas, actuando siempre de forma sencilla, personal y justa.
En este momento nos encontramos en búsqueda de talento como: application security testing
*knowledge and experience*:
- must have a bachelor’s degree computer science, software dev, info sec, security engineering, etc.
- experience detecting threats and vulnerabilities.
- knowledge of common software vulnerabilities, such as those in the owasp texperience with cvss and how to apply.
- security certifications a plus.
- ethical hacking experience a plus.
*essential duties and responsabilities.*
- knowledge of common software vulnerabilities, such as those in the owasp top 10.
- experience with cvss and how to apply.
- acts as influencer of peers and management.
- conducts software composition analysis, sast, dast and penetration testing.
- conducts penetration testing (eg, internal, external, wireless, physical, social, etc.)
- post vulnerability assessment, work with various stakeholders to provide remediation to the identified risks and bring the same to closure.
- conducts walk-through of the assessment report to the stakeholders and help define remediation plan.
- creates process improvement by identifying inefficiencies and solutions for process improvements.
- oversees monitoring of security reports to identify issues and follow these issues to resolution.
- provides direction and act as an escalation point on projects and issues to other team members.
- updates job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations.
- works with various teams to follow a pre-assessment plan/ and assessment schedule for every assessment, conduct threat assessment, and deliver an assessment report.
- writes clear implementation guidelines for the implementation engineers.
*location*:
- *cdmx/ queretaro.