Experience documenting app/system issues and presenting results to technical and non-technical management teams
Experience with a combination of the following: C or C++/Java/Ruby/ASM/other languages, scripting languages (Bash, Perl, Python), web application testing/exploitation, database testing/exploitation (SQL, Oracle, MongoDB, Hadoop, etc.) and/or cloud instance testing/exploitation
Bachelor's degree in computer science, information technology or a related field or equivalent experience
Ability to utilize a wide variety of tools for looking for application issues, either from a quality assurance or testing perspective
Working knowledge of common commercial and/or open source penetration testing toolkits and techniques
Understanding of how web applications work, development practices, etc.
Strong organizational skills and the ability to track multiple projects to completion
Ability to maintain strict confidentiality
Possesses a high sense of urgency
Has good writing, organization, interpersonal and communication skills
Analytical thinking skills
Ability to be thorough and detail-orientated
Ability to look at all situations objectively; loves to challenge assumptions and has intense curiosity
Ability to work independently without supervision
Ability to work efficiently and accurately in a fast-paced environment
Experience in an information security, software engineering, development or quality assurance role
Experience in process scripting using Python
Cloud-proficient: Understands how to test against native services of cloud providers
Knowledge of Burp Suite
Understanding of the OWASP Top 10
Knowledge/Experience in basic app building in large PaaS platforms, such as: ServiceNow, Salesforce, Netsuite, etc.
GIAC, OSCP or other relevant information security certification
Job Summary The Associate Information Security Penetration Tester finds security problems across the company without breaking the entire organization in the process. The ideal candidate for this position should have a deep curiosity about network, system and application testing to uncover vulnerabilities. They will spend their day working with technology to help find vulnerabilities, scanning client infrastructures, delivering results to our clients and building automation. This role is not for someone who only wants to break things; successful candidates also can't wait to roll up their sleeves to provide comprehensive visibility of vulnerabilities. Our ISMs of "do the right thing" and "a sense of urgency is the ante to play" guide our daily actions; security is in our DNA.
Work with development teams to build and execute scan profiles of applications
Build methods to automate basic assessments and results delivery to speed visibility for stakeholders
Collaborate with information security penetration testers on penetration testing of applications, servers or infrastructure
Identify additional preventative and detective controls to implement or consider
Deliver results, as needed, to application owners, risk team, project coordinators and clients in a clear, consistent way, using multiple forms so that teams can immediately begin remediation with no ambiguity
Aid in testing new technologies during proofs of concept to ensure that product claims and abilities meet the company's needs
Take part in purple team exercises with other information security team members to increase visibility and preparedness and tweak existing controls
Promote a risk aware culture through promoting risk-appropriate practices and controls
Keep up-to-date on new, emerging exploits/vulnerabilities and track against internal vulnerabilities
Who We Are Rock Central is a Detroit-based professional services company obsessed with delivering innovative, effective solutions to meet the diverse needs of our clients. From legal and finance to technology and public relations, our expertise spans from executive consulting all the way to tactical implementation. We thrive at the intersection of people, process and technology and empower our partners to unleash the maximum potential of their business through unmatched partnership and the entrepreneurial spirit of a startup. From the smallest venture to the largest enterprises, we believe having an impact is never a question: it's part of our DNA.
Disclaimer This is an outline of the primary responsibilities of this position. As with everything in life, things change. The tasks and responsibilities can be changed, added to, removed, amended, deleted and modified at any time by the leadership group.