Let's get acquainted: we are Astound Commerce, a global team of ecommerce experts. We provide a full cycle of services, from planning, design, development and support of a solution to its promotion and operational analytics.
January 12, 2022

Penetration Test Engineer

Kyiv, Vinnytsia, Chernihiv, Lutsk, Uzhhorod, remote

About Astound Commerce
Astound Commerce is a global digital commerce company that provides end-to-end services — from creating a data-driven strategy and delivering UX services to building an ecommerce solution for a variety of clients such as Puma, Versace, Jimmy Choo, Tommy Hilfiger, Hugo Boss, and Crocs. With 20+ years’ experience, 1,400+ ecommerce specialists, more than 3,000 projects completed, and dozens of industry accolades, we excel at maximizing the brand and business value of every digital commerce touchpoint. Astound Commerce currently operates in 14 countries with 20 offices worldwide.

Job Purpose
The Security Test Engineer (STE) is part of a high-performance security test team responsible for the security testing of complex e-commerce solutions. To achieve the best results in this role, you should have a strong technical background combined with collaboration, communication, and negotiation skills, so that you can act as a single STE or as part of the project’s STE team. You should have strong expertise in security testing approaches, an understanding of international security standards, and experience using different test tools to achieve the best results effectively and efficiently.

In this role you will get to

  • Collaborate with different project stakeholders to identify the Security Testing needs, scope, and inputs for the Security Testing approach;
  • Develop a security testing strategy, create security test plans, and execute test scripts;
  • Perform security assessment for commercial and non-commercial (internal) projects;
  • Participate in conference calls with clients to review your assessment results and consult with the clients on remediation options;
  • Write a formal security assessment report for each penetration test using our company’s standard reporting format;
  • Perform security research on topics for department development;
  • Research and maintain proficiency in tools, techniques, countermeasures, and trends in web app vulnerabilities;
  • Assist with security assessment and reporting methodology enhancements;
  • Retest security vulnerabilities that have been fixed and republish your report to indicate the results of retesting.

Your skills and qualifications

  • Minimum 1 year of experience in security/penetration testing, such as vulnerability analysis, manual and automated approaches for test execution;
  • Understanding of web application security (including but not limited to OWASP Top Ten);
  • Experience with conducting different types of web application penetration testing, vulnerability assessments;
  • Experience in analyzing technical security weaknesses and performing risk analyses;
  • Understanding of and experience with the main OWASP projects, such as:
    OWASP Top Ten;
    OWASP Web Security Testing Guide;
    OWASP Application Security Verification Standard;
    OWASP Cheat Sheet Series;
    OWASP API Security;
    OWASP SAMM;
  • Knowledge of industry compliance standards and regulations (PCI, EU GDPR, etc);
  • Extensive experience with the following tools: Burp Suite Pro, ZAP, Nmap;
  • Experience with Commercial Web Application Tool;
  • Working experience with the Kali Linux distribution;
  • Ability to use the Common Vulnerability Scoring System;
  • Good knowledge of OOP;
  • Basic knowledge of software development principles: SOLID, Design Patterns;
  • Good understanding of how the web works: HTTP(S), HTML, CSS, AJAX, etc;
  • JavaScript basics;
  • Hands-on experience in scripting/coding in at least one of the following languages: Python, Ruby, Java;
  • Working experience with complex projects that require a deep understanding of the application logic and dependencies; experience with code analysis;
  • Network penetration testing skills and software security fundamentals knowledge;
  • Experience in manual penetration testing (i.e. mapping applications, injecting SQLi, XSS);
  • Exceptional communication skills, to be able to explain the technical details of OWASP Top 10 and other vulnerabilities;
  • Ability to learn and adapt quickly in a dynamic environment;
  • At least intermediate spoken and written level of English proficiency;
  • Strong theoretical knowledge base in software testing (based on the OWASP Security Testing Model);
  • Good understanding of the SDLC and the role of testing.

Good to have

  • Experience in security/penetration testing of web-based applications and e-commerce solutions;
  • Experience with CI systems;
  • Experience with static analysis/review of source code for security flaws (manual and/or automated);
  • Software Development and/or Scripting Experience in .NET, C++, Java, C#, Perl, Python, or bash;
  • Cyber Security Certifications: OSCP, CEH, SANS, etc.
  • Good technical writing skills and attention to detail;
  • Experience working in geographically distributed teams;
  • Experience working with Jira and Confluence.

What we offer in return

  • Well-structured processes;
  • Knowledgebase of the world’s largest ecommerce delivery team;
  • Professional training and certifications;
  • Off-the-Charts Career Growth: Clear career path and a performance review system, career coaching, training and certifications, mentoring and knowledge sharing.
  • Well-being Is Top Priority: Parental leave, paid time off, comprehensive health and medical plans.
  • Real Work-Life Balance: Remote, in-office, or hybrid working modes; flexible hours; work-life balance support at every stage and level.
  • Culture of Success: Culture of collaboration that encourages innovation every step of the way; 20 offices spanning four continents bring diverse perspectives that drive tangible results for our clients worldwide.

Why work for Astound Commerce?

Whether you’re working directly with our world-renowned clients or with your Astound colleagues from around the globe, you will shape the future of digital commerce, using emerging technologies and innovative approaches.

Grow your career with Astound Commerce, and discover exciting opportunities while doing the work you love!
