Nike logo
Senior Penetration Tester - Nike Portland, OR, USA Bookmark Share Print 471 3 3

Listing Description

The Senior Penetration Tester is part of the Security Operations organization and participates in the attack surface reduction of global computing assets. The Senior Penetration Tester is responsible for security testing of Nike technology, coordination with stakeholders regarding their findings and completion of day to day tasks associated with penetration test program. The Senior Penetration tester shall take the technical lead on web application, mobile application and red team engagements.

Job Responsibilities:

Conduct initial penetration test scoping/kick off meetings with business stakeholders.

Lead web application, mobile, web service and network penetration testing within the designated scope and rules of engagement.

Lead regular meetings with business stakeholders to ensure remediation efforts adhere to corporate standards and policies.

Provides analysis of remediation actions taken, opportunities for improvement and blockers.

Provide mentoring and training to junior members of penetration testing team.

Perform required audit related tasks from internal audit, SOX and PCI activities.

Interface with other CIS organizations such as Governance, Risk and Threat Intelligence to report on program status and coordinate risk tracking.

Maintain and compose operational process documentation regarding program execution.

Maintain and grow penetration testing tool suites through the use of commercial and open source products.

Lead and organize red team activities, with appropriate coordination with blue team resources.

Qualifications:

Bachelor's degree in Computer Science, Information Technology, Cyber Security, or related discipline or equivalent experience.

5+ years of IT professional experience.

2+ years Information Security experience, with previous penetration testing or application security background

Strong understanding of a variety of technical concepts such as: Application development, networking, systems administration, and information security practices.

Strong Web Application development, security flaw and remediation technical understanding.

Experience with data analytics with the ability to provide qualitative analysis and recommendations.

Strong verbal and written communication skills.

Strong organizational and/or project management skills.

Ability to develop strong working relationships with a variety of other enabling teams.

Strong attention to detail, data accuracy, and data analysis.

Self-motivated and operates with a high sense of urgency and a high level of integrity.

Strongly Preferred:

Certifications such as GIAC Web Application Penetration Testing (GWAPT), Offensive Security Certified Professional (OSCP) or GIAC Penetration Testing (GPEN) are strongly preferred.

Previous experience working in large scale environments with diverse technologies.

Experience and knowledge of performing security tasks within AWS or Azure cloud environments

Ability to automate technical tasks through use of API or scripting

Demonstrated technical experience with:

Technical administration of Vulnerability or Secure Code solutions such as Metasploit, Burp, ADB, Rapid7 Nexpose, Qualys, WhiteHat, Microfocus Fortify & WebInspect, Veracode, AppSpider

Windows Servers, Desktops, Laptops

UNIX Servers (Solaris, Red Hat Enterprise)

Network Switching and Routing (Cisco, Juniper)

Familiarity of TCP/IP and associated protocols.Conduct initial penetration test scoping/kick off meetings with business stakeholders.

Lead web application, mobile, web service and network penetration testing within the designated scope and rules of engagement.

Lead regular meetings with business stakeholders to ensure remediation efforts adhere to corporate standards and policies.

Provides analysis of remediation actions taken, opportunities for improvement and blockers.

Provide mentoring and training to junior members of penetration testing team.

Perform required audit related tasks from internal audit, SOX and PCI activities.

Interface with other CIS organizations such as Governance, Risk and Threat Intelligence to report on program status and coordinate risk tracking.

Maintain and compose operational process documentation regarding program execution.

Maintain and grow penetration testing tool suites through the use of commercial and open source products.

Lead and organize red team activities, with appropriate coordination with blue team resources.


Listing Details

  • Citizenship: Us Citizen
  • Incentives: Bonus

 

  • Education: Bachelors Degree
  • Travel: No Travel
  • Telework: No Telecommute



About Us

NinjaJobs is a community-run job platform developed by information security professionals. Our unique approach of focusing strictly on cybersecurity positions allows us to personalize the user experience.

Our Contacts

1765 Greensboro Station Pl.
Suite 900
Tysons Corner Va 22102

(703) 594-7765