Cyber Security Specialist (red Team)

Here at Ultimate Software, we truly put our people first. We strongly believe in teamwork, and we encourage and trust our people to reach higher, learn more, and live up to their potential. Ultimate is ranked #1 on Fortune's Best Places to Work in Technology for 2019 and #2 on the 100 Best Companies to Work For list in 2020. Ultimate is also ranked #2 on Fortune’s 75 Best Workplaces for Women and #5 on its Best Workplaces for Diversity list. Learn more about US here:www.ultimatesoftware.com/careers

Ultimate Software is seeking talented web application testers and reverse engineers to join our internal counter security team chartered to identify and exploit application security vulnerabilities within the Ultimate Software product lines. The goal of this team is to validate that the code of our UltiPro family of enterprise software applications is secure.

This is a rare opportunity for the right Ethical Hacker/Application Security Engineer to join Ultimate Software’s award winning team. You will be working alongside some of the best in the business. If you are qualified and want to join our top-rated team, apply online today.

Primary/Essential Duties and Key Responsibilities:

  • Identify and exploit security vulnerabilities in our web-based and client-server enterprise software applications
  • Complete vulnerability assessment and penetration testing
  • Document requirements to perform security tests
  • Investigate customer requests related to product security
  • Analyze reports coming out DAST tools and apply to the enterprise
  • Desire to work in a blue/red/purple team coordinated activity
  • Work with other internal security and programming teams to ensure company-wide compliance
  • Brief senior leadership, stakeholders, and application owners on vulnerabilities
  • Task, negotiate, and provide feedback on vendor/consultant activities


Required Qualifications:

  • 3 - 6+ years of demonstrable experience assessing and exploiting Web Applications
  • Experience with web application vulnerability assessments specific to .NET and Microsoft SQL Server architectures
  • Demonstrated experience identifying and exploiting common web-application vulnerabilities, such as: SQL Injection, DOM Manipulation, Authorization System Bypass, Design Logic issues, bounds checking, role & access validation and filter evasion.
  • Experience with manual testing with a focus on systems coverage
  • Evidence of broad knowledge of data manipulation techniques and encoding/encapsulation formats
  • Experience hand-crafting/dissecting HTTP conversations
  • Ability to create and share exploits
  • Experience with specific software penetration tools
  • Understanding of the applicability of software vulnerabilities, such as the OWASP Top 10 threats and Common Weakness Enumeration (CWE)


Preferred Qualifications:

  • Experience collaborating with teams towards a Secure Software Development Lifecycle by applying techniques such as Threat Modeling, Code Reviews and others.
  • Market relevant certifications such as CREST/OSCP/OSCE/OSWP a plus
  • Demonstrated rapid tool development & automation experience
  • Regular Expressions (RegEx)
  • Knowledge of SQL Server, SQL Client Tools, and T-SQL Stored Procedures
  • Understanding of Web Application Firewalls
  • Ability to communicate and document findings to team, developers, and senior management as necessary
  • Experience in web programming (Java, ASP, ASP.NET, HTML, JavaScript)
  • Strong *nix background
  • Code Audit Exposure; C# and .NET
  • Basic IIS and Windows 20XX Server administration
Physical Requirements:

  • Potential travel for training and global locations.
  • Standing or sitting to complete assessments in a timely manner.


Travel Requirements:

  • 10% or less
This job description has been written to provide an accurate reflection of the current job and to include the general nature of work performed. It is not designed to contain a comprehensive detailed inventory of all duties, responsibilities, and qualifications required of the employees assigned to the job. Management reserves the right to revise the job or require that other or different tasks be performed when circumstances change.If you are an applicant and need a reasonable accommodation when applying for job opportunities within the Company or request a reasonable accommodation to utilize the Company’s online employment application, please contact accessibility@ultimatesoftware.com


Back to top