American Express Careers

Information Security Analyst - Penetration Tester

Bangalore, India
Digital Commerce Technology

Apply Get Referred

Job Description

Information Security Analyst – Penetration Tester

This position, reporting to the Director of Third Security Monitoring, will be part of a team responsible for the assessment and continuous monitoring of the company’s most critically sensitive third parties.  The team is also responsible for performing in-depth technology and information security assessments of critical third parties.
 
The person in this position will be responsible for assessing application security of third-party services, and providing process recommendations, and performing testing of program controls.
 
Responsibilities also include:
  • Support execution of technical assessments for the company’s most critical third parties
  • Assist with evaluation of tools / technologies to support assessment and monitoring capabilities
  • Perform on-going tracking and monitoring of progress 

Qualifications

Requirements:
  • Must have 5+ years of experience in application/network/web/mobile penetration testing and tooling, advanced red team, or application security engineering and architecture, preferably in a large and distributed operating environment
  • Demonstrated expertise in Application Security, specifically web and mobile application security, configurations, vulnerability, change management
  • Proficient knowledge of web development, including but not limited to Ruby, advanced JavaScript libraries (React, Angular, Knockout), Node.JS, JQuery, Object-Oriented Design, Web Services (REST/SOAP)
  • Professional experience with any of the following: Java, .NET, AWS, Functional programming, SQL, MongoDB, CouchDB, Neo4J, Hadoop, Cassandra, DynamoDB, ElasticSearch, Solr
  • Expert knowledge of OWASP Top 10 and ability to articulate web security risks
  • Knowledge of automated DAST, SAST, and RASP tooling is preferred, including but not limited to OWASP Zed Attack Proxy, BURP Suite, Nessus, Metasploit, Postman, HP WebInspect, Qualys, or WhiteHat
  • Operational understanding of TCP/IP and computer networking. Knowledge of the functions of security technologies such as IPS/IDS, Firewalls, Security Information and Event Management tools, etc is a plus
  • Possession of industry standard certifications such as OSCP, CEH, GWAPT, GPEN and/or other relevant penetration testing related certifications is a plus
  • Knowledge of SDLC, Agile, Waterfall, or Scrum
  • Information Security, Security Testing and/or Risk Analysis Experience
  • A broad understanding of the terminology, core principles, IT controls and best practices across key risk domains, including: risk assessment methodology, identity and access management, network and infrastructure security, application security, data loss prevention, and incident management
  • Self-motivated team player with the ability to handle multiple work streams and support various team member collaborative projects to completion 
  • Proven excellent relationship management skills with all levels of the enterprise are required.
  • Ability to effectively collaborate across teams
  • Ability to quickly come up to speed in any area, sufficient to speak with an informed opinion and create a credible impression with stakeholders 
  • Ability to identify gaps between one’s skillset and the needs of the team
  • Effectively seeking and utilizing feedback from leaders and mentors to address skill gaps
  • Ability to clearly present options and make compelling recommendations, using persuasion to gain agreement or pitch an idea
  • Involving the right people to ensure the best decisions are made in a timely manner
  • Ability to analyze complex information and identify the most relevant details
  • Being flexible and able to adjust to new needs and new technologies, and to be comfortable with ambiguity
  • Strong sense of personal accountability and ability to drive results
  • Bachelor’s Degree in Computer Science, Engineering or similar technical field of study, or equivalent practical experience

ReqID: 19008062
Schedule (Full-Time/Part-Time): Full-time
Date Posted: May 29, 2019, 7:51:47 AM
Apply Get Referred