Threat Researcher- Source Code Review

Job Description:

• Perform research, analysis, and testing of network, application, physical and procedural vulnerabilities via vulnerability assessment, penetration test and/or social engineering.
• Perform vulnerability scanning of SonicWall products, servers, and appliances in the backend network.
• Perform internal vulnerability assessments and penetration tests prior to external audits.
• Clearly outline and portray test findings via well documented report.
• Acquire a comprehensive technical understanding of all products in the SonicWALL product line and the underlying hardware/software technologies within the solution stack to enable technical leadership through the analysis stage to resolution of issues.
• Work with other team members to respond to any alerts and/or threats identified by the security tools and processes.
• Identify, research, and assist in the implementation of any security tools and/or processes to improve the overall security posture.
• Maintain up-to-date detailed knowledge of the IT security threats and plan, prioritize, and implement, mitigation controls as necessary.
• Review logs and reports of all in-place devices, whether they be under direct control (i.e., security tools) or not (i.e., workstations, servers, network devices, etc.). Interpret the implications of that activity and devise plans for appropriate resolution.
• Work as part of a team liaising with external security researchers.
• Participate in investigations into problematic activity.
• Provide on-call support if necessary for all in-place security solutions
• Required Qualifications:
• College diploma or university degree in the field of computers or engineering and/or 6 years equivalent work experience
• Demonstrable experience in advanced Web application penetration Testing.
• Extensive knowledge of tools such as Kali, Nmap, Nessus, Metasploit, Acunetix, etc..
• 2+ years’ experience of Professional Web-Application Development or Source Code Review (C/C++, C#, ASP, PHP, or Java)
• Knowledge of web architecture and protocols (HTTP(S), TCP/IP, ARP, SMTP, DNS, etc.)
• Must understand how data flows through an application and connected components (SMTP, LDAP, Database servers) and common software security issues and remediation techniques
• Proven analytical skills and technical competence.
• Highly self-motivated and directed.

#LI-KB7

#LI-Costa rica

#LI-Remote