Cyber Security Specialist (Red Team)
Here at Ultimate Software, we truly put our people first. We strongly believe in teamwork, and we encourage and trust our people to reach higher, learn more, and live up to their potential. Ultimate is ranked #1 on Fortune's Best Places to Work in Technology for 2019 and #2 on the 100 Best Companies to Work For list in 2020. Ultimate is also ranked #2 on Fortune’s 75 Best Workplaces for Women and #5 on its Best Workplaces for Diversity list. Learn more about US here: www.ultimatesoftware.com/careers
Ultimate Software is seeking talented web application testers and reverse engineers to join our internal counter security team chartered to identify and exploit application security vulnerabilities within the Ultimate Software product lines. The goal of this team is to validate that the code of our UltiPro family of enterprise software applications is secure.
This is a rare opportunity for the right Ethical Hacker/Application Security Engineer to join Ultimate Software’s award winning team. You will be working alongside some of the best in the business. If you are qualified and want to join our top-rated team, apply online today.
Primary/Essential Duties and Key Responsibilities:
- Identify and exploit security vulnerabilities in our web-based and client-server enterprise software applications
- Complete vulnerability assessment and penetration testing
- Document requirements to perform security tests
- Investigate customer requests related to product security
- Analyze reports coming out of DAST tools and apply them to the enterprise
- Desire to work in a blue/red/purple team coordinated activity
- Work with other internal security and programming teams to ensure company-wide compliance
- Brief senior leadership, stakeholders, and application owners on vulnerabilities
- Task, negotiate, and provide feedback on vendor/consultant activities
- 3 - 6+ years of demonstrable experience assessing and exploiting Web Applications
- Experience with web application vulnerability assessments specific to .NET and Microsoft SQL Server architectures
- Demonstrated experience identifying and exploiting common web-application vulnerabilities, such as: SQL Injection, DOM Manipulation, Authorization System Bypass, Design Logic issues, bounds checking, role & access validation and filter evasion.
- Experience with manual testing with a focus on systems coverage
- Evidence of broad knowledge of data manipulation techniques and encoding/encapsulation formats
- Experience hand-crafting/dissecting HTTP conversations
- Ability to create and share exploits
- Experience with specific software penetration tools
- Understanding of the applicability of software vulnerabilities, such as the OWASP Top 10 threats and Common Weakness Enumeration (CWE)
- Experience collaborating with teams towards a Secure Software Development Lifecycle by applying techniques such as Threat Modeling, Code Reviews and others.
- Market relevant certifications such as CREST/OSCP/OSCE/OSWP a plus
- Demonstrated rapid tool development & automation experience
- Regular Expressions (RegEx)
- Knowledge of SQL Server, SQL Client Tools, and T-SQL Stored Procedures
- Understanding of Web Application Firewalls
- Ability to communicate and document findings to team, developers, and senior management as necessary
- Strong *nix background
- Code Audit Exposure; C# and .NET
- Basic IIS and Windows 20XX Server administration
- Potential travel for training and global locations.
- Standing or sitting to complete assessments in a timely manner.
- 10% or less
Beware of phishing or suspicious messages that appear to come from a trusted or known source and that ask for personal information or account information, or request that you send money to cover expenses associated with a job or otherwise. Ultimate Software does not ask for this information from our job applicants or candidates and never asks for any applicant or candidate to send money.
It has come to our attention that some people have been contacted online by persons impersonating job recruiters for Ultimate Software. These fraudulent “recruiters” have used Gmail accounts to contact, and have requested personal information, such as depositing a check to purchase work-related supplies. These are not legitimate recruiters or job offers, and do not represent Ultimate Software. To safely apply for and view open positions at Ultimate Software, please click “Apply” and follow the instructions. Note that our recruiter emails always come from an official ultimatesoftware.com email address.
If you suspect you have been the victim of this or a related fraud, immediately contact your financial institution, and then file a complaint with the FBI’s Internet Crime Complaint Center at www.ic3.gov. If you shared other personal or sensitive information, you may need to take additional actions relative to what was shared. Your local law enforcement department may also be able to assist. For any general security related questions regarding Ultimate, feel free to email@example.com.