Penetration Tester

About The Position

Requirements

• Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 1+ year(s) experience in security or related field OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 2+ years experience in security or related field OR equivalent experience.
• Ability to meet Microsoft, customer and/or government security screening requirements are required for this role.
• Microsoft Cloud Background Check: This position will be required to pass the Microsoft Cloud background check upon hire/transfer and every two years thereafter.

Nice To Haves

• 3+ years of experience in identifying security vulnerabilities in online services through penetration testing
• Demonstrated skills in one or more popular cloud platforms. Azure experience is a plus.
• Strong background in customizing static, dynamic security analysis tools.
• Solid verbal and written communication skills.
• Solid teamwork and cross-group collaboration skills.
• Ability to deal with ambiguity.
• Experience in technical disciplines outside security space, including general software development, networking, defensive security, database management, edge computing and full-stack development, is a strong plus.
• Demonstrated coding skills in one or more popular languages and platforms such as: C#, Python, and others.
• Bachelor of science or master’s degree in computer science, software engineering, information security or equivalent work experience.
• CISSP, OSCP/OSCE, GCIA, or SANS certifications is a plus.

Responsibilities

• Penetration Testing: Identify security vulnerabilities and their variants in critical services using various techniques such as source code reviews, dynamic analysis, operational security assessments etc. and validate software quality following our development standards.
• Security Automation: Participate in developing static and runtime analysis capabilities to find software security bugs quickly and with high confidence. Push the cutting edge when it comes to automated analysis of managed code and modern web services.
• Research, Training, and Tool Development: Perform research to stay current with the bleeding edge of penetration testing, defensive tools, and tactics. Leverage the output of this research for training and awareness across EPSF Security and innovation development efforts.