We are looking for an Application Security Pen Tester to join the Application Security team responsible for application security.
The successful candidate will be responsible for contributing to our Cloud/On-prem strategic security program.
Responsibilities:
Conduct ongoing penetration testing activities across all platforms and services
Identify and facilitate remediation of application and cloud security exposures and vulnerabilities
Work to obtain the right mandate to ensure no new products or services are launched without the appropriate security controls
Take part in the development lifecycle and the integration of security features into all phases of software design and development
Manage, aggregate, triage and track vulnerabilities identified by external assessors
Assist in implementing Security Testing tools (Dynamic, Static and Runtime) in the Testing pipeline
Assist in defining testing scenarios for the Continuous Integration tests to cover identified vulnerabilities
Work closely with R&D to enhance application security on all layers
Requirements:
3+ years of hands-on experience in Penetration Testing for application and cloud environments.
Thorough understanding of cyber security frameworks, such as NIST CSF, CIS CSC
Understanding of Cloud (AWS & Azure) technologies and SaaS environments
Experience with web & application security, familiar with OWASP frameworks, solutions, and initiatives
Experience with security solutions such as vulnerability scanners, DAST solutions and more
Experience with containers and K8s
Experience conducting application penetration testing.
Technical experience in network security technologies or security operations with a proven ability to engage and drive product and engineering priorities
Work with the business to identify, capture, escalate, and close security vulnerabilities found in Varonis products.
Leverage tools to deliver vulnerability information back to the development organization for remediation.
Coordinate security risk assessments for new products & solutions through the risk assessment team.
Maintain a risk register and risk visual with clearly defined owners for each risk.
Contribute to product/solution security frameworks and standards to reduce development cycle of new products and services and to ensure consistency across the different products and platforms.
Develop, institute, and maintain cloud security architecture standards
This position is open to all candidates.