Penetration Testing Job at Purple Drive, Santa Clara County, CA

  • Purple Drive
  • Santa Clara County, CA

Job Description

Role: Penetration Testing / Security Test Engineer

Location: Santa Clara, CA

Role Summary
The Application Security & Penetration Testing Specialist will be responsible for conducting security assessments across web, mobile, thick client and instrumented applications. The role includes vulnerability analysis, criticality-based reporting and close collaboration with development, application and product teams to support remediation. The position also provides platform administration and analytics support for SAST, DAST, SCA and vulnerability management tools, along with cloud and infrastructure assistance as required.

Key Responsibilities
Instrument / Network Penetration Testing
• Conduct security testing of instrumented or connected applications, including exposed network services and interfaces
• Use Nessus / for vulnerability scanning and configuration assessment
• Analyze and prioritize vulnerabilities based on criticality
• Prepare detailed vulnerability reports and support application teams during remediation

Web Application Penetration Testing
• Perform security scanning and manual penetration testing of in-scope web applications
• Identify, analyze, classify and prioritize vulnerabilities based on agreed standards such as:
o OWASP Top 10
o CVSS / CVS
o Organization-specific security standards
• Produce criticality-based vulnerability reports with clear remediation guidance
• Provide clarification and consultation support to Application Development and Asset Owner teams during vulnerability remediation

Mobile Application Penetration Testing
• Conduct security testing of in-scope mobile applications (Android/iOS)
• Analyze identified vulnerabilities and prioritize them based on severity and business risk
• Generate criticality-based reports for stakeholders
• Support application teams with remediation-related clarifications

Thick Client Penetration Testing
• Perform security assessments of thick client applications
• Analyze vulnerabilities related to client-server communication, authentication, authorization and data protection
• Prioritize findings and prepare severity-based reports
• Provide consultation support to development and application teams

Additional Security Platform & Tooling Support
SAST (Static Application Security Testing)
• Provide operational and administrative support for:
o Coverity on Polaris
o Polaris
o GitHub Application Security
• Manage user access, configurations and scan operations
• Import SAST data into Power BI for:
o Security trend analysis
o Risk dashboards
• Generate management and operational reports from Power BI

DAST (Dynamic Application Security Testing)
• Provide support for WhiteHat DAST tool operations
• Administer tool configurations and access
• Import scan data into Power BI for analytics and reporting
• Generate vulnerability trend and compliance reports

SCA (Software Composition Analysis)
• Provide support for Black Duck SCA
• Administer tool usage, scan scheduling and configurations
• Import vulnerability and license risk data into Power BI
• Generate trend, risk and compliance reports

Vulnerability Management (Tenable)
• Provide support for / Nessus
• Run vulnerability scans for product teams as required
• Provide tool administration, configuration and access management
• Import scan data into Power BI
• Generate vulnerability posture and trend reports

Required Skills & Competencies
Technical Skills
• Strong knowledge of:
o Web, Mobile, Thick Client and Network Security
o OWASP Top 10, CVSS, secure coding concepts
• Hands-on experience with:
o Nessus /
o WhiteHat DAST
o Black Duck SCA
o Coverity / Polaris / GitHub Security
o Power BI (data import, analysis, dashboard creation)
• Understanding of AWS Cloud, containers and infrastructure security
• Exposure to Jira administration

Soft Skills
• Strong analytical and problem-solving skills
• Ability to communicate security risks clearly to technical and non-technical stakeholders
• Collaborative mindset with application development and product teams
• Good documentation and reporting skills

Preferred Qualifications
• Certifications such as:
o CEH, OSCP, GWAPT, AWS Security Specialty (preferred)
• Experience in regulated or enterprise environments
• Familiarity with DevSecOps practices and CI/CD security integration

Job Tags

Full time
