Lead Specialist, Security Testing - Walmart Technology

Position Summary...

What you'll do...

Manages security risk management strategies for large, complex projects by supporting security risk assessment plans; determining testing scope for assigned projects; measuring and evaluating security metrics; reviewing and approving security requirements; identifying dependencies and risks; providing recommendations on prioritization for risk remediation efforts based on criticality; evaluating application and system deployments for security risks and developing code in order to secure gaps; and outlining risk mitigation deliverables and deadlines.

Troubleshoots critical security defects in application and systems coding for large, complex projects by performing security testing and secure code review; reviewing and analyzing security defect information (for example, issue, impact, criticality, possible root cause); developing testing frameworks that are sustainable across multiple projects; developing testing plans to test code for security vulnerabilities; establishing testing standards and processes to meet security metrics; interpreting results to determine further action; evaluating security vulnerabilities to identify trends; performing root cause analysis to prevent reoccurrence of risks; and developing code fixes or solutions for security vulnerabilities.

Leads secure code practice and application penetration testing for large, complex projects by consulting with software development teams in the application of security methodologies and techniques; reviewing project requirements; writing and developing code to drive security testing systems; communicating project status and issues to appropriate team members and stakeholders; evaluating results against expected results; troubleshooting open issues and security vulnerability fixes; ensuring on-time delivery and hand-offs of project action items; and updating project teams regarding results and needed fixes.

Additional Job Description

Walmart InfoSec is seeking experienced and well-rounded penetration testers that will be part of an elite team responsible for protecting the globally distributed information assets of the world’s largest company through specialized security testing.  This person is a persistent and resourceful security practitioner with a knack for finding vulnerabilities, practices a persistent approach for proving exploitable findings and possesses a steadfast willingness to collaborate with some of the brightest security professionals.

Responsibilities:

• Performs application, web, mobile and network penetration tests using both automated and manual techniques.
• Identifies and exploits vulnerabilities in commercial, open source, custom software applications and infrastructure across one of the world’s largest networks.
• Composes test reports and records vulnerability data according to Governance, Risk, and Compliance (GRC) processes. 
• Effectively delivers technical debriefs to stakeholders including technical staff, program management  and leaders.
• Consistently learns the latest and most advanced security testing techniques, development tools, and frameworks.
• Maintains testing tools, hardware, and equipment creating new tools where appropriate.
• Develops scripts, tools, methodologies and best practices to improve team capabilities.
• Demonstrates deep knowledge of common operating systems.

Preferred Skills:

• 4+ years penetration testing experience or related certifications (e.g. OSCP, OSWP, OSCE, GPEN, GWAPT, GXPN)
• Demonstrable experience identifying and exploiting vulnerabilities in commercial, open source, and custom software products
• Demonstrable experience identifying and exploiting vulnerabilities in mobile applications (iOS, Android) 
• Demonstrable experience with penetration testing tools (e.g. Metasploit, Burp Suite, etc.) 
• Proven experience manually executing attacks without the use of tools
• Demonstrable experience conducting secure code reviews 
• Strong knowledge of multiple common operating systems
• Strong knowledge of common networking configurations, load balancing, firewalls, and security controls
• Solid knowledge of authentication and SSO technologies 
• Solid knowledge of applied cryptography and common implementation flaws
• Ability to develop software in Java, C#, JavaScript (NodeJS, Angular), C/C++ and other common languages 
• Ability to build automation to eliminate recurring/repetitious work
• Bachelor’s degree in Computer Science, Engineering, or related fields, plus 4 years working in security roles, OR, 7+ years working in security testing roles

Minimum Qualifications...

Outlined below are the required minimum qualifications for this position. If none are listed, there are no minimum qualifications.

Minimum Qualifications: Bachelor’s degree in Computer Science, Information Technology, Engineering, Computer Information Systems, or related field and 3 years' experience in information technology or related field within the last 7 years OR 5 years' experience in information technology or related field within the last 7 years OR a Master's degree in Computer Science, Information Technology, Engineering, Computer Information Systems, or related field and 2 years' experience in information technology or related field within the last 7 years

Preferred Qualifications...

Outlined below are the optional preferred qualifications for this position. If none are listed, there are no preferred qualifications.

Customer Service, Information Security, Information Technology, Photo Studio Management, Project Management, Responsible for third party vendor relationships, Retail Industry, Retail Management, Retail Software Programs, Support, Technical Strategy, Testing Technologies, Troubleshooting, Using audio, visual, or broadcasting equipment, Using WFC SOAP adapters as transport

https://click.appcast.io/track/5i2vco7-org?cs=37f&jg=1yfx&bid=lUf2CslKyPxm6i440ZgUYA==