The penetration tester works closely with other Delivery team members on engagements, assessing the security and compliance of various types of client applications and supporting infrastructure against regulatory and industry requirements and standards, as well as security best practice frameworks.
Type: Full time permanent position
Company and Team Culture:
"The Awesome AWS AppSec team at has outstanding leadership, team cohesion and endless opportunities to learn and challenge yourself. The benefits, work-life balance and culture are superb"
* Experience with IAM, STS, and AWS-specific security controls and security architecture design patterns.
* Experience with API and online application penetration testing techniques and tools.
* Experience with and knowledge of CSRF, AuthN/AuthZ, IDOR, XSS, and confused deputy attacks.
* Client-facing experience and excellent interpersonal and communication skills.
* AWAE, OSCP, OSCE, and OSEE certifications, and AWS certifications: AWS Certified Solutions Architect - Professional, AWS Certified Security, AWS Certified Advanced Networking, and AWS Certified SysOps Administrator.
* Experience with and certifications in network, database, and system administration.
* Oversee and assist penetration testing initiatives end to end, from scoping through out-brief.
* Architectural review, roles and access review, and the methodology and execution of offensive penetration testing operations as a part of the AWS Application Security Team. These responsibilities include:
* Advise customers and coworkers on defense-in-depth, secure SDLC, and best practices for security and configuration.
* Improve and sustain technical testing practices and standards for cloud service providers.