Ethical Hacker/Pen Tester
Posted on: January 16, 2019
The Lenovo PC & Smart Devices security team is growing, and is looking for an experienced cybersecurity professional to fill the role of Product Security Ethical Hacker. In this role you will perform penetration testing to help identify vulnerabilities in Lenovo's products, concentrating on web-based applications and cloud infrastructure, as well as mobile applications.
Experience in performing vulnerability assessments and ethical hacking of web and mobile applications is required. A background in software development is strongly desired.
Primary responsibilities: This role will require knowledge of application security testing (ethical hacking), secure software and infrastructure design practices, and broad knowledge of application and network vulnerabilities and how to exploit them. Generating reports, communicating with development teams and proposing remediation of issues are key components of the role.
Job responsibilities will include ownership and execution of activities, which include:
- Conducting security assessments of applications using industry-standard tools and techniques to identify vulnerabilities.
- Risk-ranking of identified threats to prioritize mitigation and remediation activities.
- Analyzing and assisting in the secure design and architecture of applications and network infrastructure.
- Working with software designers, developers, project managers, DevOps, and testers, to review, assist and recommend changes and solutions to address the security of cloud-based and mobile solutions.
- Analyzing source code for Web and mobile applications for security vulnerabilities.
- Providing vulnerability assessment and penetration test reports to key stakeholders.
- Producing reports to demonstrate assessment coverage and remediation effectiveness, and working with the product engineers and software teams to ensure corrective actions are implemented.
Position Requirements
- Bachelor's Degree in Computer Science, related area or equivalent related work experience
- 5+ years of experience in cybersecurity, ethical hacking, vulnerability identification and management, secure design practices
- Experience performing security assessments of Web and mobile applications.
- Experience performing penetration testing that identifies weaknesses in Web applications and supporting infrastructure, including servers, databases, networks, etc.
- Experience performing code reviews and reviewing the results of static analysis tools.
- Experience with network assessment tools such as Nessus, nmap, curl, netcat, etc.
- Experience with security testing environments and tools, such as Kali, Metasploit, Burp Suite, Wireshark, Fiddler, etc.
- An understanding of vulnerabilities and attack methods, such as remote code execution, privilege escalation, XXE, XSS, SQLi, MitM, session hijacking, CSRF, and other common vulnerabilities, how to test for and identify them, and how to remediate them.
- Knowledge of and experience with applying Common Weakness Enumeration (CWE), Common Vulnerability Scoring System (CVSS), Common Vulnerabilities and Exposures (CVE) and Open Web Application Security Project (OWASP) processes and remediation recommendations.
- Knowledge of security-related technologies, including but not limited to encryption (both at-rest and in-transit) and related cryptography, and authentication services.
- Knowledge of secure coding best practices.
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.
Keywords: Lenovo, Raleigh, Ethical Hacker/Pen Tester, IT / Software / Systems, Raleigh, North Carolina