Security Test Engineer

Security Test Engineer

BCforward is currently seeking a highly motivated Security Test Engineer for an opportunity in Seattle, WA!

Position Title: [Security Test Engineer]

Location: [Seattle, WA]

Anticipated Start Date: [ASAP]

Please note this is the target date and is subject to change. BCforward will send official notice ahead of a confirmed start date.

Expected Duration: [12 Months]

Job Type: [CONTRACT (>%3D30 HRS WEEKLY), [HYBRID]

Pay Range: [$60] - [$65]

Please note that actual compensation may vary within this range due to factors such as location, experience, and job responsibilities, and does not encompass additional non-standard compensation (e.g., benefits, paid time off, per diem, etc.).

Requirements:

An authentication team is looking for a Security Testing Engineer. The team handles user identification and authentication across the channels for Consumer and GWIM customers.

As a Security Engineer/Tester, you will be performing authorized security testing on some of the very complex, massive scale, and highly critical applications. You must be self-directed, able to work independently, as well as work in a team-oriented and fast paced environment. You need to be aware of a varied application security domains like authentication, authorization, identity management, cryptography, etc. As part of a shift left focus, you will be working part of the development team along with developers to proactively identify any security vulnerabilities (OWASP Top 10, SANS Top 25, CWE) at the earliest before they are discovered late in cycle by InfoSec teams or in production. You will be working as a liaison between the Infosec team and development teams, understanding the security issues reported by central InfoSec teams to development teams to help them understand and fix them. You require very good communication and presentation skills to be able to present your findings to Leadership/Management/Development teams to help them understand the Risk so that they can take informed decisions on mitigations, controls and residual risk. You need to be highly passionate in following the constantly changing threat landscape and familiarize with latest security vulnerabilities that impacts the team.

The ideal candidate is a team player, self-starter and quick learner with 3+ year of experience in software development/testing with large-scale enterprise applications. The working experience requirement can be relaxed if the candidate has right skillset and has the capability to learn quickly. When submitting a candidate under this consideration, please highlight examples of quick learning on the resume. Offer rate may be affected by level of experience.

Required Skills

Primary Skill - Manual and automated testing (testing will be done on software)

* Deep understanding of different web application technologies, web protocols (HTTP, HTTPS, etc.), browser technologies, etc.

* In depth domain understanding of application security in terms of Identity and Access Management (IAM), different authentication technologies (passwords, biometrics, OTP, digital certificates & PKI, device authentication, FIDO U2F/Passkeys, etc.

* Proven expertise on different security testing tools (Proxy tools like Fiddler, Black box security testing tools like Burp, Static Security Code analysis tools,

* Deep understanding of different application security vulnerabilities such as OWASP Top 10, SANS Top 25, CWE, attack patterns (CAPEC), etc.

* Bachelor's Degree in Computer Science or equivalent experience.

* Must be self-directed, able to work independently, as well as work in a team-oriented and fast paced environment

Desired Skills

* Working experience on different security technologies and standards like Single Sign On (SSO) using SAML/OpenID, OAuth protocols, etc.

* Good understanding of Cryptographic algorithms and standards like Symmetric/Assymetric crypto techniques, digital signatures, JWS/JWE tokens, Hardware Security Modules (HSMs), etc.

* Understanding of Security vulnerabilities related to Cloud environments is an added advantage.

* Well known Security certifications is an added advantage

* Understanding of Threat Modelling concepts and Secure Development Life Cycle processes.

* Mobile Application Security familiarity is desirable.

Benefits:

BCforward offers all eligible employees a comprehensive benefits package including, but not limited to major medical, HSA, dental, vision, employer-provided group life, voluntary life insurance, short-term disability, long-term disability, and 401k.

About BCforward:

Founded in 1998 on the idea that industry leaders needed a professional service, and workforce management expert, to fuel the development and execution of core business and technology strategies, BCforward is a Black-owned firm providing unique solutions supporting value capture and digital product delivery needs for organizations around the world. Headquartered in Indianapolis, IN with an Offshore Development Center in Hyderabad, India, BCforward's 6,000 consultants support more than 225 clients globally.

BCforward champions the power of human potential to help companies transform, accelerate, and scale. Guided by our core values of People-Centric, Optimism, Excellence, Diversity, and Accountability, our professionals have helped our clients achieve their strategic goals for more than 25 years. Our strong culture and clear values have enabled BCforward to become a market leader and best in class place to work.

BCforward is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against based on disability.

To learn more about how BCforward collects and uses personal information as part of the recruiting process, view our Privacy Notice and CCPA Addendum. As part of the recruitment process, we may ask for you to disclose and provide us with various categories of personal information, including identifiers, professional information, commercial information, education information, and other related information. BCforward will only use this information to complete the recruitment process.

This posting is not an offer of employment. All applicants applying for positions in the United States must be legally authorized to work in the United States. The submission of intentionally false or fraudulent information in response to this posting may render the applicant ineligible for the position. Any subsequent offer of employment will be considered employment at-will regardless of the anticipated assignment duration.

Privacy Policy - BCforward

Updated August 17th 2022

Interested candidates please send resume in Word format Please reference job code 228350 when responding to this ad.

---