DurhamRecruiter Since 2001
the smart solution for Durham jobs

Senior Software Engineer/Developer - 2037481

Company: Fidelity Investments
Location: Durham, NC
Posted on: October 22, 2021

Job Description:

Assists in running an automated Dynamic Application Security Testing (DAST) tool using OWASP Top 10 to enable the business to mitigate vulnerabilities early in the development lifecycle. Performs Web application penetration testing and ethical hacking, using Wireshark and Burp Suite Professional. Continuously scans Web applications to identify critical and high vulnerabilities in every stage of the development lifecycle including production. Provides security solutions by locating and mitigating risk(s).

Primary Responsibilities:

Performs vulnerability testing and scanning of Web applications and APIs.

Performs manual testing and verification of vulnerabilities.

Provides vulnerability details to development teams along with mitigation recommendations.

Conducts retesting of vulnerabilities to validate fix effectiveness.

Establishes project plans for projects of moderate scope.

Works on complex assignments and often multiple phases of a project.

Performs independent and complex technical and functional analysis for multiple projects supporting several initiatives.

Develops comprehensive documentation for multiple processes supporting several corporate initiatives.

Education and Experience:

Bachelor's degree (or foreign education equivalent) in Computer Science, Engineering, Information Technology, Information Systems, Mathematics, Physics, or a closely related field and three (3) years of experience in the job offered or three (3) years of experience performing cybersecurity testing of Web applications and APIs in a financial service environment, using BurpSuite Pro and Qualys.

Or, alternatively, Master's degree (or foreign education equivalent) in Computer Science, Engineering, Information Technology, Information Systems, Mathematics, Physics, or a closely related field and one (1) year of experience in the job offered or one (1) year of experience performing cybersecurity testing of Web applications and APIs in a financial service environment, using BurpSuite Pro and Qualys.

Skills and Knowledge:

Candidate must also possess:

Demonstrated Expertise (DE) performing time-boxed and comprehensive penetration testing of Web applications, APIs, and networks, using vulnerability (Nessus, NMAP, SQLMap, DirBuster, and Metasploit) and Web application scanners (BurpSuite Pro, OWASP Zap, AppScan, and Nikto), and network analyzers (Wireshark); and performing manual testing to identify OWASP Top 10 vulnerabilities and common vulnerabilities -- Insecure Direct Object Reference (IDOR).

DE configuring and troubleshooting enterprise Software-as-a-Service (SaaS) solutions for Dynamic Application Security Testing, using Burp Enterprise and Qualys; and automating dynamic configuration using testing automation tools -- Postman and SoapUI.

DE reviewing and mitigating security flaws of Cross-Site Scripting (XSS), SQL Injection (SQLi), Cross-Site Request Forgery (CSRF), Buffer Overflow, Hardcoded Credentials, and Open Source Software (OSS) vulnerabilities inventoried in the Common Vulnerabilities and Exposures (CVE) system before application release using BurpSuite.

DE configuring and analyzing results from Static Application Security Testing tools -- Veracode, Checkmarx, and Fortify -- to confirm true positives and false positives; and performing security vulnerability remediation with development teams using Unity and SecureTrak.

For full job details and to apply, please visit https://jobs.fidelity.com/ and search for job number: 2037481.


