The Application Penetration Tester will assist Asurion in developing truly secure products by providing best-in-class application security penetration testing and security assessment services to the product development organization, while passionately pursuing personal and organizational excellence in the field of application/product security.

Responsibilities:

Perform in-depth and full-spectrum application and system penetration tests of internally developed products and enterprise systems.Identify security risks within applications, network infrastructure and security controls. Review product and open-source code for the purpose of assessing security and determining weaknesses / vulnerabilities.In conjunction with application security engineers and product development staff, assist in building threat models of internally developed products and systems for the purposes of efficiency in penetration testing and red-team efforts.Build and maintain positive and productive working relationships with product development teams and individuals.Develop security assessment scripts and frameworks and assist in efforts to automate security testing and assessment activities.Mentor security champions with respect to penetration testing techniques, vulnerability research, and red-team tactics.Provide assistance in response to product security incidents where application / product security expertise is required.Participate in blameless postmortems and retrospectives in effort to improve security of products / systems.Continuously learn and keep abreast of the latest technical developments in the security space.Perform research into and present relevant security technology, practices, and threats.Work closely with a small team of application security and penetration testing staff, in conjunction with product development, to ensure company products and services withstand all foreseen and reasonable attacks.

Requirements:

BS or MS in Computer Science or Engineering.Scripting and programming experience (Python, Java,.Net)Experience with security testing tools, such as Metasploit, Burp Suite, Fiddler, Wireshark, etc.1+years of hands-on, in-depth experience in application penetration testing and/or red-team activities in support of product development and enterprise goals.Penetration testing experience on mobile platforms (Android, iOS)1+ year experience in software engineering / development.Knowledge of open security standards such as OWASP ASVS ,NIST.In-depth knowledge of application security vulnerabilities and best practices.In-depth knowledge of network security, public cloud security (particularly AWS), PKI, and cryptography.Strong analytical and problem-solving skills.Ability to describe vulnerability findings to non-technical professionals.Excellent communication (oral, written, presentation) skills.GWAPT, CPT, OSCP, CEH, GMOB, GPEN certifications preferred.Experience in reverse engineering and tools (IDA Pro, Immunity ,Windbg, gdb) desirable.Track record in vulnerability research and CVE assignments highly desirable.Experience presenting at major security conferences is a plus.This position may require some weekend and evening assignments as well as availability during off-hours for participation in scheduled and unscheduled activities.