Senior Security Test Engineer
£565 pay per day (Inside IR35)
6 month initial contract
Job Description:
Our client is a leader in providing cutting-edge Technology to the Telco industry and they are looking for a Security Test Engineer to join their tech team.
Skills:
- Have technical knowledge and hands-on experience with IT/information security/cyber security/Network Security standards and frameworks such as ISO27001, NIST CSF and GITC
- Perform impact assessment of new change requests and determine whether they require security testing; subsequently create test scripts, map them to requirements in ALM, test and raise defects in ALM where necessary, and run regression test packs. This will include internal, external, and emergency CRs
- Good experience in Application & Infrastructure Security Testing including Static Application Security Testing, Dynamic Application Security Testing, Interactive Application Security Testing, Maritime Asset Security And Training, Run Time Application Security Testing and Security Compliance Activities
- Good understanding of OWASP and other penetration testing methodologies. Good knowledge on analysing & reviewing the Pen Test Results
- Experience of security testing toolsets, e.g. MicroFocus Fortify SCA (Static Analysis), WebInspect (Dynamic Vulnerability), App Defender, Black Duck, Sonatype (open source), Qualys (DAST) and TripWire (IP360)
- Experience in Security QA Testing (compliance controls, Threat Management, Security Architecture Assessment, Cloud 3rd Party Risk Assessment, Vulnerability Mgt.)
- Source code review experience.
- Experience in using HP ALM, Jira
- Exposure to professional security test tools used to perform testing on systems processing personal data within the scope of GDPR
- Experience on Security Incident Event Management (ArcSight & Splunk)
- Track record of developing test security scripts, detailed test planning and test delivery of complex requirements involving multiple applications and platforms
- Representation of security testing to internal and external Telefónica meetings.
- Alignment of the security test strategy document and keeping up to date
Role:
- Identify new security threats by conducting continual monitoring, vulnerability assessments and log analysis
- Strong analytical skills with a proven track record of requirements mapping and traceability
- Exposure to testing in rigorous security regimes/design
- Create technical and managerial level reports and risk assessments for Cloud based applications and infrastructure
- Interface and collaborate with multiple groups and/or managerial staff to eloquently describe and implement security solutions
- Expert knowledge of Cloud infrastructure, security architectures, and standards
- Able to demonstrate clear understanding of current threats to Cloud infrastructure/IT infrastructures/Network Infrastructure at technical and managerial levels
- Strong technical writing and verbal communication skills required
- Knowledge of web security concepts covering network through application layers
- Good understanding of the protocols underpinning the web - TCP/IP, HTTP, SSL/TLS etc.
- Good understanding of hardware load-balancing, Firewalls, multi-tiered architectures.
- Knowledge of AWS services and security controls.
- Proven industry experience in application and infrastructure security testing
Responsibilities:
- Define the security test approach for the project in conjunction with the Project Managers, Programme Test Manager and other parties involved in testing
- Derive Impact assessment
- Ensure that all relevant and impacted parties have been engaged
- Meet with the project/business to document which security test activities are being performed during identified SMIP test phases and which test objectives the business accepts as risks
- Ensure test activities are identified to mitigate all test risks.
- Act as the main point of contact regarding security test issues for the SMIP
- Attend project meetings as required and regularly track the progress of all security test activities
- Regularly review and update RAID (Risk, Assumptions, Issues, Dependencies) and the scope of security testing (test objectives)
- Issue the test completion reports to timescale
- Escalate project test issues to the programme test manager and project managers
- Communicate and maintain relationships with the impacted business, operational and technical teams (internal and external) throughout the delivery of project test phases
- Ensure deliverables are agreed with external partners and that end delivery meets specification and contractual obligations
- Ensure all test results are clearly communicated to the relevant development teams
- Ensure the appropriate use of tools, metrics, and processes are applied to achieve security test objectives and targets
- Provide direction and support to programme/project managers on all aspects of security testing
- Ensure testing issues and defects are escalated in a timely manner to the Project Managers and the SM Programme Test Manager
- Log all defects raised during QA, and track them until resolution in collaboration with the Defect test manager
- Encourage continuous quality improvement through Root Cause Analysis and other metrics analysis
- Act as a leader and industry expert in your subject area
- Keep at the forefront of research on relevant areas including methodologies, specific technologies, and the digital media marketplace
- Identify best practice and recommend how to implement it
- Oversee the sharing and embedding of good practice
- Contribute to the identification of current and target skill levels
Tooling
- SIEM - ArcSight, Splunk
- Application Security - SAST and DAST
- Vulnerability Management - Tripwire IP360
- API Testing tools - SOAP UI
- Good experience in identifying the server generated values.
- Operating Systems - Unix (Linux and/or Solaris), Windows
- Database - Microsoft SQL Server, Oracle RDBMS
Desirable:
- Certifications in Offensive Security, GIAC, ISECOM, (ISC)2, EC-Council (CEH), OSCP/OSCE, CISA, CEH
- Defect Management (ideally using HP ALM)
- Proactive, takes action and seeks opportunities.
- Excellent communication, reporting & presentation skills.
- Familiar with corporate, industry and professional standards.
- ISEB Foundation Certificate in Software Testing