
Security Testing Engineer

Lviv, Ukraine

Striving for excellence is in our DNA. Since 1993, we have been helping the world’s leading companies imagine, design, engineer, and deliver software and digital experiences that change the world. We are more than just specialists, we are experts.

DESCRIPTION

As a Security Testing Engineer, you will help EPAM's clients assess the security level of their infrastructure, web and/or mobile applications. This position requires advanced technical depth and experience, technical leadership, and multi-faceted communication skills. Scope and tasks may vary depending on customer needs. You may be involved in the full project lifecycle, from analysis and planning to development and deployment, and may assist with pre-sales opportunities and deliver trainings on pentesting and different pentesting tools. You may also be engaged to perform short-term pentests, either acting as an insider (internal penetration test) or performing an external penetration test, in which you will simulate an attack via the Internet.

Responsibilities

  • Scope and estimate tasks, and manage multiple tasks with minimal supervision;
  • Demonstrate considerable knowledge of planning and team management specific to security assessment;
  • Conduct vulnerability assessments and penetration testing;
  • Collaborate with technical and management personnel across the full security assessment life cycle;
  • Use problem-solving skills, especially when troubleshooting complex issues, while identifying options and/or alternatives;
  • Document all disclosed issues using different reporting formats;
  • Provide remediation suggestions to correct disclosed issues;
  • Collaborate with personnel responsible for writing and presenting proposals to prospective clients;
  • Manage and contribute to planning, coordination and successful completion of security engagements.

Requirements

  • Certification in the security field (OSCP certification is a plus; OSCE is highly appreciated);
  • 2 years of penetration testing experience with network, web and mobile applications;
  • Understanding of and practical experience in the security audit process, security standards (ISO, PCI DSS, HIPAA) and methodologies (OSSTMM, OWASP, PTES);
  • Ability to perform evaluation of application requirements, processes, technologies;
  • Ability to select, educate and communicate the right solution based on client requirements and objectives;
  • Experience with different exploitation tools and frameworks (Metasploit, BeEF, sqlmap, etc.);
  • Experience with different vulnerability scanners (Acunetix, Nessus, nmap, etc.);
  • Ability to resolve technical problems when required;
  • Ability to develop custom scripts needed for specific assessment purposes (Python, bash, PowerShell);
  • Ability to explain assessment results to technical and non-technical personnel;
  • Solid experience in development of security-related documentation;
  • Ability to develop, implement and guide the security assessment process on the project;
  • Experience in security testing of Web Applications based on different technologies (.NET, Java, PHP);
  • Ability to exploit technologies such as JavaScript, AJAX, HTML5;
  • Experience in security testing of Web Services (SOAP, RESTful);
  • Experience in security testing of Mobile Applications (iOS, Android, Windows Mobile);
  • Experience in network security testing (Windows, *nix-based).

We offer

  • Competitive compensation depending on experience and skills;
  • Individual career path in engineering;
  • Social package - medical insurance, sports;
  • Sick leave and regular vacation;
  • Partial coverage of costs for certification and IT conferences;
  • English classes with certified English teachers;
  • Flexible work schedule.