Senior Software Engineer/Developer - 2037481
Company: Fidelity Investments
Location: Durham, NC
Posted on: October 22, 2021
Job Description:
Assists in running an automated Dynamic Application Security
Testing (DAST) tool using OWASP Top 10 to enable the business to
mitigate vulnerabilities early in the development lifecycle.
Performs Web application penetration testing and ethical hacking,
using Wireshark and Burp Suite Professional. Continuously scans Web
applications to identify critical and high vulnerabilities in every
stage of the development lifecycle including production. Provides
security solutions by locating and mitigating risk(s).
Primary Responsibilities:
Performs vulnerability testing and scanning of Web applications and APIs.
Performs manual testing and verification of vulnerabilities.
Provides vulnerability details to development teams along with mitigation recommendations.
Conducts retesting of vulnerabilities to validate fix effectiveness.
Establishes project plans for projects of moderate scope.
Works on complex assignments and often multiple phases of a project.
Performs independent and complex technical and functional analysis for multiple projects supporting several initiatives.
Develops comprehensive documentation for multiple processes supporting several corporate initiatives.
Education and Experience:
Bachelor's degree (or foreign education equivalent) in Computer
Science, Engineering, Information Technology, Information Systems,
Mathematics, Physics, or a closely related field and three (3)
years of experience in the job offered or three (3) years of
experience performing cybersecurity testing of Web applications and
APIs in a financial service environment, using BurpSuite Pro and
Qualys. Or, alternatively, Master's degree (or foreign education
equivalent) in Computer Science, Engineering, Information
Technology, Information Systems, Mathematics, Physics, or a closely
related field and one (1) year of experience in the job offered or
one (1) year of experience performing cybersecurity testing of Web
applications and APIs in a financial service environment, using
BurpSuite Pro and Qualys.
Skills and Knowledge:
Candidate must also possess:
Demonstrated Expertise (DE) performing time-boxed and
comprehensive penetration testing of Web applications, APIs, and
networks, using vulnerability (Nessus, Nmap, SQLMap, DirBuster, and
Metasploit) and Web application scanners (BurpSuite Pro, OWASP ZAP,
AppScan, and Nikto), and network analyzers (Wireshark); and
performing manual testing to identify OWASP Top 10 vulnerabilities
and common vulnerabilities -- Insecure Direct Object Reference
(IDOR).
DE configuring and troubleshooting enterprise
Software-as-a-Service (SaaS) solutions for Dynamic Application
Security Testing, using Burp Enterprise and Qualys; and automating
dynamic configuration using testing automation tools -- Postman and
SoapUI.
DE reviewing and mitigating security flaws of Cross-Site
Scripting (XSS), SQL Injection (SQLi), Cross-Site Request Forgery
(CSRF), Buffer Overflow, Hardcoded Credentials, and Open Source
Software (OSS) vulnerabilities inventoried in Common
Vulnerabilities and Exposures (CVE) system before application
release using BurpSuite.
DE configuring and analyzing results from Static Application
Security Testing tools -- Veracode, Checkmarx, and Fortify -- to
confirm true positives and false positives; and performing security
vulnerability remediation with development teams using Unity and
SecureTrak.
For full job details and to apply, please visit
https://jobs.fidelity.com/ and search for job number: 2037481.