Cyber Security Specialist (Red Team)
Here at Ultimate Software, we truly put our people first. We strongly believe in teamwork, and we encourage and trust our people to reach higher, learn more, and live up to their potential. Ultimate is ranked #1 on Fortune's Best Places to Work in Technology for 2019 and #2 on the 100 Best Companies to Work For list in 2020. Ultimate is also ranked #2 on Fortune’s 75 Best Workplaces for Women and #5 on its Best Workplaces for Diversity list. Learn more about US here: www.ultimatesoftware.com/careers
Ultimate Software is seeking talented web application testers and reverse engineers to join our internal counter security team chartered to identify and exploit application security vulnerabilities within the Ultimate Software product lines. The goal of this team is to validate that the code of our UltiPro family of enterprise software applications is secure.
This is a rare opportunity for the right Ethical Hacker/Application Security Engineer to join Ultimate Software’s award-winning team. You will be working alongside some of the best in the business. If you are qualified and want to join our top-rated team, apply online today.
Primary/Essential Duties and Key Responsibilities:
- Identify and exploit security vulnerabilities in our web-based and client-server enterprise software applications
- Complete vulnerability assessment and penetration testing
- Document requirements to perform security tests
- Investigate customer requests related to product security
- Analyze reports coming out of DAST tools and apply them to the enterprise
- Desire to work in a blue/red/purple team coordinated activity
- Work with other internal security and programming teams to ensure company-wide compliance
- Brief senior leadership, stakeholders, and application owners on vulnerabilities
- Task, negotiate, and provide feedback on vendor/consultant activities
- 3 - 6+ years of demonstrable experience assessing and exploiting Web Applications
- Experience with web application vulnerability assessments specific to .NET and Microsoft SQL Server architectures
- Demonstrated experience identifying and exploiting common web-application vulnerabilities, such as: SQL Injection, DOM Manipulation, Authorization System Bypass, Design Logic issues, bounds checking, role & access validation and filter evasion.
- Experience with manual testing with a focus on systems coverage
- Evidence of broad knowledge of data manipulation techniques and encoding/encapsulation formats
- Experience hand-crafting/dissecting HTTP conversations
- Ability to create and share exploits
- Experience with specific software penetration tools
- Understanding of the applicability of software vulnerabilities, such as the OWASP Top 10 threats and Common Weakness Enumeration (CWE)
- Experience collaborating with teams towards a Secure Software Development Lifecycle by applying techniques such as Threat Modeling, Code Reviews and others.
- Market relevant certifications such as CREST/OSCP/OSCE/OSWP a plus
- Demonstrated rapid tool development & automation experience
- Regular Expressions (RegEx)
- Knowledge of SQL Server, SQL Client Tools, and T-SQL Stored Procedures
- Understanding of Web Application Firewalls
- Ability to communicate and document findings to team, developers, and senior management as necessary
- Strong *nix background
- Code Audit Exposure; C# and .NET
- Basic IIS and Windows 20XX Server administration
- Potential travel for training and global locations.
- Standing or sitting to complete assessments in a timely manner.
- 10% or less