What you'll do...
Walmart InfoSec is seeking an experienced and well-rounded penetration tester that will be part of an elite team responsible for protecting the globally distributed information assets of the world’s largest company through specialized security testing. This person is a persistent and resourceful security practitioner with a knack for finding vulnerabilities, practices a persistent approach for proving exploitable findings and possesses a steadfast willingness to collaborate with some of the brightest security professionals.
- Performs application, web, mobile, cloud, hardware and network penetration tests using both automated and manual techniques
- Identifies and proves exploitable vulnerabilities in custom, open source and commercial software and platforms
- Proactively and consistently shares knowledge with others
- Develops scripts, tools, methodologies and best practices to improve team capabilities
- Develops and implements automation to eliminate repetitious work
- Leads secure code practice and application penetration testing for large, complex projects by consulting with software development teams in the application of security methodologies and techniques; reviewing project requirements; writing and developing code to drive security testing systems; communicating project status and issues to appropriate team members and stakeholders; evaluating results against expected results; troubleshooting open issues and security vulnerability fixes; ensuring on-time delivery and hand-offs of project action items; and updating project teams regarding results and needed fixes.
- Manages security risk management strategies for large, complex projects by supporting security risk assessment plans; determining testing scope for assigned projects; measuring and evaluating security metrics; reviewing and approving security requirements; identifying dependencies and risks; providing recommendations on prioritization for risk remediation efforts based on criticality; evaluating application and system deployments for security risks and developing code in order to secure gaps; and outlining risk mitigation deliverables and deadlines.
- Troubleshoots critical security defects in application and systems coding for large, complex projects by performing security testing and secure code review; reviewing and analyzing security defect information (for example, issue, impact, criticality, possible root cause); developing testing frameworks that are sustainable across multiple projects; developing testing plans to test code for security vulnerabilities; establishing testing standards and processes to meet security metrics; interpreting results to determine further action; evaluating security vulnerabilities to identify trends; performing root cause analysis to prevent reoccurrence of risks; and developing code fixes or solutions for security vulnerabilities.
- Demonstrates up-to-date expertise and applies this to the development, execution, and improvement of action plans by providing expert advice and guidance to others in the application of information and best practices; supporting and aligning efforts to meet customer and business needs; and building commitment for perspectives and rationales.
- Provides and supports the implementation of business solutions by building relationships and partnerships with key stakeholders; identifying business needs; determining and carrying out necessary processes and practices; monitoring progress and results; recognizing and capitalizing on improvement opportunities; and adapting to competing demands, organizational changes, and new responsibilities.
- Models compliance with company policies and procedures and supports company mission, values, and standards of ethics and integrity by incorporating these into the development and implementation of business plans; using the Open Door Policy; and demonstrating and assisting others with how to apply these in executing business processes and practices.
Outlined below are the required minimum qualifications for this position. If none are listed, there are no minimum qualifications.
Bachelor’s degree in Computer Science, Information Technology, Engineering, Computer Information Systems, or related field and 2 years'
experience in information technology or related field within the last 7 years OR 4 years' experience in information technology or related field within
the last 7 years OR a Master's degree in Computer Science, Information Technology, Engineering, Computer Information Systems, or related field
and 1 year's experience in information technology or related field within the last 7 years.
Outlined below are the optional preferred qualifications for this position. If none are listed, there are no preferred qualifications.
Cygwin, Designing, leading, and implementing small- to medium-scale technology projects, Designing technical solutions in response to customer requests or changes in retail business, Eclipse, Fiddler, Performing secure code analysis with Veracode, Production support, including problem identification, ticket documentation, and customer and vendor relations, Rational Software Architect, Security testing with Burp Suite pro, Security testing with IBM AppScan (AppScan Source and IDE Plugin), SOAP UI, Troubleshooting and recommending technical solutions, Visual Studio
805 SE MOBERLY LN, BENTONVILLE, AR 72712, United States of America