Sr Engineer - Security Testing Services

Description:

PRIMARY FUNCTION

As part of the Product Security team, Security Testing Services is responsible for ad-hoc and ongoing penetration tests of Target Technology solutions. Our services support both our annual test plan and achievement of compliance requirements. Our techniques include both manual and automated test procedures across all segments of Target Information Technology and our Business Pyramids. Core domains included in our scope of test procedures include enterprise applications, web applications, mobile applications, databases, point of sale applications and infrastructure, retail store applications and infrastructure, mobile devices, network and cloud infrastructure, server, mainframe, and directory services.

PRINCIPAL DUTIES AND RESPONSIBILITIES

  • Consult, design, and execute penetration tests against Target applications and infrastructure
  • Identify and document security vulnerabilities in client/server, web, and mobile applications, as well as network, systems, and mobile infrastructure
  • Report vulnerabilities using our standardized reporting structure
  • Assign vulnerability scores utilizing the common vulnerability scoring system (CVSS)
  • Assist in the prioritization of findings based on risk
  • Partner closely with Target Cyber Threat Intelligence to quickly determine the relevance of emerging Cyber Threats across our environment and the risk the pose to Target
  • Consult with application and system owners to define remediation requirements and timelines
  • Validate the completeness and effectiveness of remediated vulnerabilities
  • Work with third-parties to coordinate and/or conduct penetration exercises

JOB REQUIREMENTS

MINIMUM REQUIREMENTS:

  • 3+ years of experience performing security testing
  • Expertise in 2 or more test domains specified above
  • Demonstrated history of identifying advanced vulnerabilities independently
  • BA or BS degree in Information Security, Cyber Security, Computer Science or related field or commensurate experience.
  • Experience utilizing automated vulnerability identification tools
  • Experience in manual penetration testing
  • Experience matching vulnerabilities with risk ratings
  • Experience with network and web application pen testing
  • Possession of excellent oral and written communication skills

Back to top