Ethical Hacker - Financial Services

KP Recruiting Group is a consulting firm that provides leadership and exceptional talent to some of the world’s leading companies. Headquartered in the Midwest, KP Recruiting Group has successfully completed countless engagements in the United States, Europe and Latin America. We represent clients in all industries and all sizes. Our mission is to provide exceptional client and candidate experiences in order to get the best possible results. On behalf of our client, we are excited to present the following confidential role. We look forward to hearing from you and discussing the opportunity!

The Role:

The Ethical Hacker will join a dynamic team of world class security experts to conduct application security/penetration tests of our internal/external web, mobile, web service applications, and evaluations of assessments performed by vendor third parties, leveraging both manual techniques as well as automated tools in order to uncover and report security vulnerabilities that exist.

You will be knowledgeable with business risks associated to common security vulnerabilities and to be able to effectively communicate security vulnerabilities to application developers and/or senior managers who may have little to no experience with application security vulnerabilities.

The ability to work independently in a very large scale, enterprise setting is a great skill to possess. Previous experience as an application security professional with a large Financial Institution a plus.

Requirements

• BS/MS in Computer Science (or relevant work experience in a large scale IT environment)
  
• Experience conducting vulnerability assessments, code reviews and penetration tests against web/mobile application technologies, services, platforms and languages to find flaws and exploits (e.g. SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, Clickjacking, Authentication/Authorization, Privilege Escalation, Business Logic Bypass, OWASP Top 10, SANS Top 25 etc)
  
• Knowledge of network and Web related protocols/technologies
  
• Ability to demonstrate manual web application testing experience
  
• Experience with web application vulnerability scanning tools (e.g. IBM AppScan, HP Webinspect, Acunetix, NTO Spider, Burpsuite Pro etc.)
  
• Experience with vulnerability assessment tools and penetration testing techniques (e.g. web application proxies, packet capture analysis software, browser extensions, advanced penetration testing Linux distributions, static source code analyzers, SoapUI etc.)
  
• Experience of penetration testing on mobile platforms such as iOS, Android, Windows and RIM.
  
• Solid programming/debugging skills with proficiency in one or more of the following: Java, JavaScript, HTML, XML, PHP, ASP.NET, AJAX, JSON, Objective-C.
  
• Expert-level experience and very details technical knowledge in at least 3 of the following areas: general information security; security engineering; application architecture; authentication and security protocols; application session management; applied cryptography; common communication protocols; mobile frameworks, single sign-on technologies; exploit automation platforms; RESTful web services
  
• Demonstrated ability to learn and apply critical thinking to a variety of situations
  
• One or more of the following certifications: CISSP, GWAPT, CEH, OSCP (or qualified work experience)
  
• Strong scripting skills (e.g. Python, Perl, Shell script, JavaScript
  
• Experience as a developer
  
• Mobile programming abilities such as Xcode, Objective-C
  
• Knowledge of a Structured Query Language
  

Benefits

Our client offers a comprehensive benefits package including:

401k Matching

Family and Individual Insurance Packages (Health, Life, Dental, and Vision)

Paid Time Off & Paid Holidays

Long & Short-Term Disability

Identity Theft Plans

Retirement & Pension Plans

Employee Assistance Program

Employee Referral Program

Tuition Reimbursement Programs

Advancement & Professional Growth opportunities 

Parental Leave

& More