Let's get acquainted: we are Astound Commerce, a global team of ecommerce experts. We provide a full cycle of services, from planning, design, development and support of a solution to its promotion and operational analytics.
November 23, 2021

Penetration Test Engineer

Kyiv, Vinnytsia, Lutsk, Uzhhorod, Chernihiv, remote

About Astound Commerce
Astound Commerce is a global ecommerce agency headquartered in the US. With over 1200 professionals in 12 countries, we are one of the world’s largest teams of ecommerce experts. Top brands like Adidas, Puma, Versace, Jimmy Choo, Tommy Hilfiger, Hugo Boss and Crocs are among our clients. Company centers in Eastern Europe are focused on the development of ecommerce solutions on Salesforce Commerce Cloud (Demandware), Hybris, IBM WebSphere Commerce, Intershop, Kibo, Magento, NetSuite.

Job Purpose
The Security Test Engineer (STE) is part of a high-performance security test team responsible for the security testing of complex e-commerce solutions. To achieve the best results in this role you should have a strong technical background combined with collaboration, communication, and negotiation skills, so that you can act as a single STE or as part of a project's STE team. You should have strong expertise in security testing approaches, an understanding of international security standards, and experience using different test tools to achieve the best results in an effective and efficient manner.

What You’ll Be Doing:

  • Collaborate with different project stakeholders to identify the security testing needs, scope, and inputs for the security testing approach;
  • Develop the security testing strategy, create security test plans and execute test scripts;
  • Perform security assessments for commercial and non-commercial (internal) projects;
  • Participate in conference calls with clients to review your assessment results and consult with the clients on remediation options;
  • Write a formal security assessment report for each penetration test using our company's standard reporting format;
  • Perform security research on topics for department development;
  • Research and maintain proficiency in tools, techniques, countermeasures, and trends in web application vulnerabilities;
  • Assist with security assessment and reporting methodology enhancements;
  • Retest security vulnerabilities that have been fixed and republish your report to indicate the results of retesting.

What We’re Looking For:

  • Minimum 1 year of experience in security/penetration testing, including vulnerability analysis and manual and automated approaches to test execution;
  • Understanding of web application security (including but not limited to the OWASP Top Ten);
  • Experience conducting different types of web application penetration tests and vulnerability assessments;
  • Experience analyzing technical security weaknesses and performing risk analyses;
  • Understanding of and experience with the main OWASP projects, such as:
    OWASP Top Ten;
    OWASP Web Security Testing Guide;
    OWASP Application Security Verification Standard;
    OWASP Cheat Sheet Series;
    OWASP API Security;
  • Knowledge of industry compliance standards and regulations (PCI, EU GDPR, etc.);
  • Extensive experience with the following tools: Burp Suite Pro, ZAP, Nmap;
  • Experience with commercial web application security testing tools;
  • Working experience with the Kali Linux distribution;
  • Ability to use the Common Vulnerability Scoring System (CVSS);
  • Good knowledge of OOP;
  • Basic knowledge of software development principles: SOLID, design patterns;
  • Good understanding of how the web works: HTTP(S), HTML, CSS, AJAX, etc.;
  • JavaScript basics;
  • Hands-on experience in scripting/coding in at least one of the following languages: Python, Ruby, Java;
  • Working experience with complex projects that require a deep understanding of the application logic and dependencies; experience with code analysis;
  • Network penetration testing skills and knowledge of software security fundamentals;
  • Experience in manual penetration testing (e.g. mapping applications, testing for SQL injection and XSS);
  • Exceptional communication skills, to be able to explain the technical details of OWASP Top 10 and other vulnerabilities;
  • Ability to learn and adapt quickly in a dynamic environment;
  • At least intermediate spoken and written English proficiency;
  • Strong theoretical knowledge base in software testing (based on the OWASP security testing model);
  • Good understanding of the SDLC and the role of testing within it.

Good to have:

  • Experience in security/penetration testing of web-based applications and e-commerce solutions;
  • Experience with CI systems;
  • Experience with static analysis/review of source code for security flaws (manual and/or automated);
  • Software development and/or scripting experience in .NET, C++, Java, C#, Perl, Python, or bash;
  • Cyber security certifications: OSCP, CEH, SANS, etc.;
  • Good technical writing skills and attention to detail;
  • Experience working in geographically distributed teams;
  • Experience working with Jira and Confluence.

What’s In It For you

  • The challenges of a fast-growing international company for creative and results-oriented professionals;
  • Personalized approach: semi-annual performance review, a helpful and engaging international environment with numerous opportunities for professional growth;
  • A network-style culture with geographically distributed teams.

Your Work-Life at Astound Commerce

  • Competitive compensation and benefits package, including remote work, flexible working hours, etc.;
  • Comprehensive social package: support for work-life balance and a healthy lifestyle;
  • Business trips to other office locations;
  • Comfortable office.