Penetration Tester consultant- (Pen Testing, API Testing, Mobile Testing)

Overview:

We are a leading AI-driven Global Supply Chain Solutions Software Product Company and one of Glassdoor’s “Best Places To Work”.

Scope:

The role of the Penetration Tester Consultant is to work closely with information technology and development staff to help implement secure systems, tools, and processes. As a penetration tester, you will be responsible to analyse, identify & recommend specific improvement measures that help in the security posture of the organization by protecting the sensitive information.

What you’ll do:

• Conduct manual and automated penetration testing on BY WMS products.
• Perform Mobile and API security testing.
• Help the product team with CodeQL configuration, source code scanning and secret scanning.
• Understand how to identify, exploit, and remediate the OWASP Top 10, SANS 25 software flaws, and other vulnerabilities through use of tools.
• Experience in using common penetration testing tools, Burp Suite, etc.
• Understand and able to calculate risk for vulnerabilities using risk rating methodologies like CVSS.
• Good in report preparation with executive summary and technical details.
• Managing vulnerabilities found during the penetration testing activities, getting the remediation plan within timelines, and helping the team in fixing them.
• Analyzes output from product software security scans and advises development teams on security vulnerabilities and recommends prevention/mitigation methodologies.
• Work with development teams to ensure false positives are verified and documented.
• Research and recommend fixes for issues/vulnerabilities identified during the penetration testing.
• Conduct research on new vulnerabilities and threats regularly to improve oneself capabilities.
• Maintain a professional working relationship with other departments through clear communication and project level collaborations.
• Collaborates with information security, product development teams, customer support, and Blue Yonder customers to resolve security related issues/concerns.
• Manages the relationship with Security Partners and vendors and coordinates external security testing.
• Analyzes results of external testing and provides guidance to product teams on issue mitigation approaches.
• Works with internal and external resources to resolve application security issues within prescribed time frames

What we are looking for:

• 10+ years of web application penetration testing and API security testing
• Knowledge on source code reviews
• Expert knowledge of application vulnerabilities, exploits, and remediation techniques
• Expert knowledge of OWASP TOP 10
• Experience with current web application technology and concepts
• Familiar with dynamic testing tools and techniques
• Excellent communication skills

Our Values

If you want to know the heart of a company, take a look at their values. Ours unite us. They are what drive our success – and the success of our customers. Does your heart beat like ours? Find out here: Core Values

Diversity, Inclusion, Value & Equality (DIVE) is our strategy for fostering an inclusive environment we can be proud of. Check out Blue Yonder's inaugural Diversity Report which outlines our commitment to change, and our video celebrating the differences in all of us in the words of some of our associates from around the world.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.