You are using an outdated browser. Please upgrade your browser to improve your experience.

Cyber Security Specialist (red Team)

Date posted:

Oct 13, 2020

Here at UKG, Our Purpose Is People. UKG combines the strength and innovation of Ultimate Software and Kronos, uniting two award-winning, employee-centered cultures. Our employees are an extraordinary group of talented, energetic, and innovative people who care about more than just work. We strive to create a culture of belonging and an employee experience that empowers our people. UKG has more than 13,000 employees around the globe and is known for its inclusive workplace culture. Ready to be inspired? Learn more at www.ukg.com/careers

Ultimate Software is seeking talented web application testers and reverse engineers to join our internal counter security team chartered to identify and exploit application security vulnerabilities within the Ultimate Software product lines. The goal of this team is to validate that the code of our UltiPro family of enterprise software applications is secure.

This is a rare opportunity for the right Ethical Hacker/Application Security Engineer to join Ultimate Software's award winning team. You will be working alongside some of the best in the business. If you are qualified and want to join our top-rated team, apply online today.

Primary/Essential Duties and Key Responsibilities:

Identify and exploit security vulnerabilities in our web-based and client-server enterprise software applications
Complete vulnerability assessment and penetration testing
Document requirements to perform security tests
Investigate customer requests related to product security
Analyze reports coming out DAST tools and apply to the enterprise
Desire to work in a blue/red/purple team coordinated activity
Work with other internal security and programming teams to ensure company-wide compliance
Brief senior leadership, stakeholders, and application owners on vulnerabilities
Task, negotiate, and provide feedback on vendor/consultant activities

Required Qualifications:

3 - 6+ years of demonstrable experience assessing and exploiting Web Applications
Experience with web application vulnerability assessments specific to .NET and Microsoft SQL Server architectures
Demonstrated experience identifying and exploiting common web-application vulnerabilities, such as: SQL Injection, DOM Manipulation, Authorization System Bypass, Design Logic issues, bounds checking, role & access validation and filter evasion.
Experience with manual testing with a focus on systems coverage
Evidence of broad knowledge of data manipulation techniques and encoding/encapsulation formats
Experience hand-crafting/dissecting HTTP conversations
Ability to create and share exploits
Experience with specific software penetration tools
Understanding of the applicability of software vulnerabilities, such as the OWASP Top 10 threats and Common Weakness Enumeration (CWE)

Preferred Qualifications:

Experience collaborating with teams towards a Secure Software Development Lifecycle by applying techniques such as Threat Modeling, Code Reviews and others.
Market relevant certifications such as CREST/OSCP/OSCE/OSWP a plus
Demonstrated rapid tool development & automation experience
Regular Expressions (RegEx)
Knowledge of SQL Server, SQL Client Tools, and T-SQL Stored Procedures
Understanding of Web Application Firewalls
Ability to communicate and document findings to team, developers, and senior management as necessary
Experience in web programming (Java, ASP, ASP.NET, HTML, JavaScript)
Strong *nix background
Code Audit Exposure; C# and .NET
Basic IIS and Windows 20XX Server administration

Physical Requirements:

Potential travel for training and global locations.
Standing or sitting to complete assessments in a timely manner.

Travel Requirements:

10% or less

This job description has been written to provide an accurate reflection of the current job and to include the general nature of work performed. It is not designed to contain a comprehensive detailed inventory of all duties, responsibilities, and qualifications required of the employees assigned to the job. Management reserves the right to revise the job or require that other or different tasks be performed when circumstances change.If you are an applicant and need a reasonable accommodation when applying for job opportunities within the Company or request a reasonable accommodation to utilize the Company's online employment application, please contact accessibility@ultimatesoftware.com

Beware of phishing or suspicious messages that appear to come from a trusted or known source and that asks for personal information, account information or requests that you send money to cover expenses associated with a job or otherwise. Ultimate Software does not ask for this information from our job applicants or candidates and never asks for any applicant or candidate to send money.

It has come to our attention that some people have been contacted online by persons impersonating job recruiters for Ultimate Software. These fraudulent "recruiters" have used Gmail accounts to contact, and have requested personal information, such as depositing a check to purchase work-related supplies. These are not legitimate recruiters or job offers, and do not represent Ultimate Software. To safely apply for and view open positions at Ultimate Software, please click "Apply" and follow the instructions. Note that our recruiter emails always come from an officialultimatesoftware.comemail address.

If you suspect you have been the victim of this or a related fraud, immediately contact your financial institution, and then file a complaint with the FBI's Internet Crime Complaint Center atwww.ic3.gov. If you shared other personal or sensitive information, you may need to take additional actions relative to what was shared. Your local law enforcement department may also be able to assist. For any general security related questions regarding Ultimate, feel free to emailsecurity@ultimatesoftware.com.

Send To A Friend

Flag this job as down