Role: Security Testing Engineer
Location: Seattle, WA (Hybrid Remote, 3 days in office)
Term: 12 Month Contract (possible extension)
Compensation: Negotiable (Must be W2; cannot work Corp to Corp)
Summary:
An Authentication team is looking for a Security Testing Engineer. The team handles user identification and authentication across the channels for Consumer and GWIM customers.
As a Security Engineer/Tester you will be performing authorized security testing on some very complex, massive-scale and highly critical applications. You must be self-directed, able to work independently as well as in a team-oriented and fast-paced environment. You need to be aware of varied application security domains like authentication, authorization, identity management, cryptography, etc. As part of a shift-left focus you will be working as part of the development team, along with developers, to proactively identify any security vulnerabilities (OWASP Top 10, SANS Top 25, CWE) as early as possible, before they are discovered late in the cycle by InfoSec teams or in production. You will be working as a liaison between the InfoSec team and development teams, relaying the security issues reported by central InfoSec teams to development teams to help them understand and fix them. You require very good communication and presentation skills to be able to present your findings to Leadership/Management/Development teams to help them understand the risk so that they can take informed decisions on mitigations, controls and residual risk. You need to be highly passionate about following the constantly changing threat landscape and familiarizing yourself with the latest security vulnerabilities that impact the team.
The ideal candidate is a team player, self-starter and quick learner with 3 years of experience in software development/testing with large-scale enterprise applications. The working-experience requirement can be relaxed if the candidate has the right skillset and the capability to learn quickly. When submitting a candidate under this consideration, please highlight examples of quick learning on the resume. Offer rate may be affected by level of experience.
Qualifications:
Primary skill: manual and automated testing (testing will be done on software).
Deep understanding of different web application technologies, web protocols (HTTP, HTTPS, etc.), browser technologies, etc.
In-depth domain understanding of application security in terms of Identity and Access Management (IAM) and different authentication technologies (passwords, biometrics, OTP, digital certificates & PKI, device authentication, FIDO U2F/Passkeys, etc.).
Proven expertise with different security testing tools (proxy tools like Fiddler, black-box security testing tools like Burp, static security code analysis tools).
Deep understanding of different application security vulnerabilities such as OWASP Top 10, SANS Top 25, CWE, attack patterns (CAPEC), etc.
Bachelor's Degree in Computer Science or equivalent experience.
Must be self-directed, able to work independently as well as in a team-oriented and fast-paced environment.
Desired Skills:
Working experience with different security technologies and standards like Single Sign-On (SSO) using SAML/OpenID, OAuth protocols, etc.
Good understanding of cryptographic algorithms and standards like symmetric/asymmetric crypto techniques, digital signatures, JWS/JWE tokens, Hardware Security Modules (HSMs), etc.
Understanding of security vulnerabilities related to cloud environments is an added advantage.
Well-known security certifications are an added advantage.
Understanding of Threat Modelling concepts and Secure Development Life Cycle processes.
Mobile Application Security familiarity is desirable.
ARJUN K
Manager
Office: (919)/ Ext 108
Mobile: (951)2995015