Desired Skills and Experience

  • Bachelor’s degree in related field (Business, Information Services, IT, Information Security, etc.); Master’s preferred.
  • 8 years of hands-on application penetration testing experience.
  • A self-starter with strong organizational skills, including the ability to deliver with minimal supervision, and experience working in an onsite-offshore model.
  • Expert knowledge of and hands-on experience with penetration testing tools such as Kali Linux, Burp Suite, Nessus, Metasploit, etc.
  • Expert knowledge of existing and emerging threats, web security principles, and attack vectors.
  • Ability to author detailed and articulate penetration test reports, including prescriptive recommendations for remediation options.
  • Extensive knowledge of information and technology security management technologies, methods, standards, and processes as well as knowledge of compliance, legal, internal / external audit & regulatory requirements.
  • Strong expertise with the Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), and National Institute of Standards and Technology (NIST) Special Publications.
  • Strong expertise in collaborating, facilitating and coordinating with the business units for the mitigation of risks.
  • Strong understanding of application design, DevOps, TCP/IP fundamentals, network protocols, system administration and network architectures.
  • Experience and exposure to large organizational implementations of vulnerability management programs, with specific emphasis on application security, metrics development and reporting.
  • Experience programming in at least one of the following: Perl, Python, Ruby, Bash, C or C++, C#, or Java, including scripting and editing existing code.
  • Knowledge of web frameworks such as Spring, Struts, Hibernate, ASP, JSP, etc., and APIs (JSON/REST/SOAP).
  • Understanding of APIs (JSON/REST/SOAP).
  • An aptitude for technical writing, including assessment reports, presentations and operating procedures.
  • Strong problem-solving and project execution skills. Ability to handle changing priorities and drive difficult decisions.
  • Ability to solve very complex security issues that span multiple components in an application infrastructure.
  • Ability to lead and motivate the team to achieve tactical and strategic goals.
  • Knowledge of common information security management frameworks, including but not limited to: ISO 27001/27002, ITIL, COBIT and NIST is desired.
  • Professional security management certification, such as a CISSP, CISM, CEH, OSCP/E, GWAPT, GPEN, or GXPN certification(s) or other similar credentials, is desired.