Sr Penetration Tester, India - CIS ICC
- Bangalore, India
Become a Part of the NIKE, Inc. Team
NIKE, Inc. does more than outfit the world's best athletes. It is a place to explore potential, obliterate boundaries and push out the edges of what can be. The company looks for people who can grow, think, dream and create. Its culture thrives by embracing diversity and rewarding imagination. The brand seeks achievers, leaders and visionaries. At NIKE, Inc. it's about each person bringing skills and passion to a challenging and constantly evolving game.
NIKE is a technology company. From our flagship website and five-star mobile apps to developing products, managing big data and providing leading edge engineering and systems support, our teams at NIKE Global Technology exist to revolutionize the future at the confluence of tech and sport. We invest and develop advances in technology and employ the most creative people in the world, and then give them the support to constantly innovate, iterate and serve consumers more directly and personally. Our teams are innovative, diverse, multidisciplinary and collaborative, taking technology into the future and bringing the world with it.
WHO ARE WE LOOKING FOR
We're looking for a Senior Penetration Tester. This role is part of Corporate Information Security, Security Operations organization is responsible for security testing of Nike technology, coordination with stakeholders regarding their findings and completion of day to day tasks associated with penetration test program. The candidate needs to have a strong understanding of technical concepts, excellent attention to detail, data accuracy, and data analysis, strong verbal and written communication skills, and be self-motivated and operates with a high sense of urgency and a high level of integrity.
WHAT WILL YOU WORK ON
If this is you, you'll be working with the Penetration Testing team in the Attack Surface Management group and perform the following tasks:
* Conduct penetration test scoping/kick off meetings with technology business stakeholders, document scope and schedule testing window
* Lead web application, mobile, API and network penetration testing within the designated scope and rules of engagement
* Provide technical guidance for remediation of findings, collaborating with other CIS teams as necessary
* Provide mentoring and training to junior members of attack surface management team
* Perform required audit related tasks from internal audit, SOX and PCI activities.
* Interface & support other CIS organizations such as Incident Response, Governance, Risk and Threat Intelligence as necessary
* Maintain and compose operational process documentation regarding program execution.
* Maintain and grow penetration testing tool suites and automation of tasks through the use of commercial and open source products
* Perform Red Team activities in coordination with Nike's cyber defense center and incident response teams to validate Blue team monitoring & detection processes
WHO WILL YOU WORK WITH
This role is part of the Penetration Testing team within Corporate Information Security.
WHAT YOU BRING
* Bachelor's degree in Computer Science, Information Technology, Cyber Security, or related discipline or equivalent experience.
* 5+ years of IT professional experience, with 3+ years Information Security experience, with previous penetration testing or application security background
* Strong understanding of a variety of technical concepts such as: Application development, networking, systems administration, and information security practices
* Strong web application development, security flaw and remediation technical understanding
* Demonstrated experience with a variety of open source and commercial testing tools in areas such as web interception proxies, packet capture, debugging and API interaction.
* Experience with data analytics with the ability to provide qualitative analysis and recommendations
* Experience and knowledge of performing security tasks within AWS or Azure cloud environments
* Ability to develop strong working relationships with a variety of other enabling teams.
* Certifications such as GIAC Web Application Penetration Testing (GWAPT), Offensive Security Certified Professional (OSCP) or GIAC Penetration Testing (GPEN) are strongly preferred.
* Previous experience working in large scale environments with diverse technologies strongly preferred.
* Ability to automate technical tasks through use of APIs or scripting strongly preferred.
NIKE, Inc. is a growth company that looks for team members to grow with it. Nike offers a generous total rewards package, casual work environment, a diverse and inclusive culture, and an electric atmosphere for professional development. No matter the location, or the role, every Nike employee shares one galvanizing mission: To bring inspiration and innovation to every athlete* in the world.
NIKE, Inc. is committed to employing a diverse workforce. Qualified applicants will receive consideration without regard to race, color, religion, sex, national origin, age, sexual orientation, gender identity, gender expression, veteran status, or disability.
Back to top