Penetration Tester 3 Job ID 2024-11629

of Openings

1 Job Locations Remote - U.S. Category Engineering and Testing Overview The Penetration Tester is responsible for testing the security of our software, reporting on any security vulnerabilities found, and ensuring that all necessary parties are aware of any vulnerabilities found, as well as the severity of those vulnerabilities to the security of the software. This role will own and drive multiple application security programs ensuring all requirements are gathered and metrics are created to measure the success of the program. What you will be doing Lead Penetration Testing engagements on Web, Mobile, Thick, and API applications Manually identify and exploit application layer security vulnerabilities Develop multiple remediation strategies for discovered vulnerabilities Conduct source code reviews as necessary Serve as an Application Security Pentester SME and operate as a trusted advisor on issues and trends; provide general consulting services leveraging expertise and significant best practice knowledge Assist in security activities within the SDLC including Threat Modeling, SAST, DAST, & SCA Independently generate complex penetration test reports that are presented to leadership, which list the vulnerabilities found based on CVSS calculations. Research new attack vectors and stay current with cybersecurity news and trends Mentor, coach, and train other team members. Conduct and monitor External Penetration test engagements Comply with all corporate and departmental privacy and data security policies and practices, including but not limited to, Hyland's Information Systems Security Policy What will make you successful Preferred Bachelor's degree or equivalent experience Preferred GWAPT, eWPTX, CPTS, OSCP, or similar security-related certification Strong knowledge of security principles Strong critical thinking and problem solving skills Attention to detail Experience with languages and frameworks such as C/C++, JavaScript, .NET Knowledge of the OWASP Top 10, OWASP ASVS, and other security frameworks Knowledge of a broad range of security controls and applicably application vulnerability mitigation strategies Drive and willingness to learn more about all things application security related Deep understanding of the SSDLC Experience with helping product teams mitigate security vulnerabilities Demonstrated competency in presenting and delivering training Demonstrated competency reading and navigating enterprise code and the software development lifecycle Strong collaboration skills, applied successfully within team as well as with all levels of employees in other areas Strong organizational, multi-tasking, and time management skills Ability to effectively communicate vulnerabilities and technical concepts to all levels Ability to communicate effectively in writing and verbally Strong risk assessment ability Demonstrated ability to delicately communicate with customers about sensitive and high-risk information Demonstrated collaboration and teaching abilities Understanding of code to be able to communicate effectively with developers Up to 10% travel time required Based on individual states' employment laws, the following details are to comply with the relevant salary posting requirements: base salary range of $124,000-186,000 and eligible for bonus and benefits What you can expect next Hyland Recruiters thoroughly review every application and will contact you within 1 to 2 weeks regarding next steps. Be sure to add Hyland to your contacts list and check your spam folder so you never miss a message from us! Any follow up questions? Email your Recruiter directly at Careers@Hyland.