Senior Application Penetration Tester

Chubb

  • Thessaloniki
  • Permanent
  • Full-time
  • 1 month ago
Job Description:

Chubb is the world's largest publicly traded property and casualty insurer, operating in 54 countries, and is making significant investments to thrive in a digital age. Chubb launched its third Technology Hub in Thessaloniki in 2022, and it is rapidly developing. Our new center of excellence in Greece is positioned to drive our ongoing business and to support our digital business transformation, as well as the company's operations in the European region, which encompasses 27 countries.

Chubb is looking for a Senior Application Penetration Tester to join our Cybersecurity team. This is a permanent full-time position and a compelling opportunity to join a global, growing, financially stable and successful company. As an industry leader, Chubb is an employer of choice for skilled technology professionals aspiring to develop a meaningful career in a fast-paced, diverse company with offices in most major cities in the world.

Overview

The Chubb Information Security team is responsible for protecting information and information systems against unauthorized access, detecting and responding to attempts to gain access, and enabling access through our identity processes. Chubb operates a global information security team supporting local business units across five regions (Asia Pacific, North America, Latin America, Japan, and Europe including the Middle East and Africa). Our global information security strategy is developed with input from each of these regions and translated into programs that are then executed by the regions using resources from each region (especially our infrastructure partners).

The Application Vulnerability Management team is tasked with identifying security vulnerabilities in Chubb applications, using both automated scanning tools and manual penetration testing activities.

The Senior Application Penetration Tester role is specifically responsible for the overall vulnerability remediation status of the global application portfolio. This includes engaging directly with application development teams and their management to address topics related to application vulnerabilities and remediation efforts, such as reporting on scan results, managing remediation plans, and receiving updates from development teams.

The candidate will be required to maintain accurate vulnerability remediation metrics and help provide regular reports to IT leadership on global remediation progress.

The role will evolve to include management of global application risk rating, an existing process which is being reviewed for modification to support security architecture initiatives.

Responsibilities:
  • Manage the overall vulnerability remediation status of the global application portfolio
  • Primary point of contact with IT application development teams for remediation related matters
  • Accurately track vulnerability remediation efforts
  • Hold regular status calls with portfolio leads as necessary to maintain a consistent channel of communication
  • Follow up on overdue vulnerabilities with portfolio leads
  • Manage global application risk rating processes
  • Ensure timely risk scoring of new and changing applications
  • Ensure enterprise application repository information is up to date with security and risk information
  • Create and distribute regular vulnerability status reports to portfolio leads and CIOs
  • Provide recommendations for automation or other process improvement suggestions for operational processes
Qualifications:
  • Prior experience with managing Information Security projects
  • Bachelor's Degree in Computer Science, Engineering, or other Engineering or Technical discipline or equivalent relevant experience
  • Minimum of 2 years' professional experience performing web application pen testing, API endpoint testing, and mobile penetration testing (iOS & Android).
  • Knowledge of prioritizing remediation activities with operational teams through risk ratings of vulnerabilities and assets
  • Knowledge of industry standards regarding vulnerability management including Common Vulnerabilities and Exposures (CVE) and Common Vulnerability Scoring System (CVSS)
  • Knowledge of technology and security topics including network security, wireless security, application security, infrastructure hardening and security baselines, web server and database security
  • Knowledge of penetration testing principles, tools, and techniques.
  • Working experience with industry frameworks (OWASP, NIST, etc.)
  • Comfortable working outside their comfort zone with a willingness to learn
  • Excellent verbal and written communication skills
  • Strong analytical skills
  • Strong team player with ability to work independently
  • Strong project management skills and ability to multi-task
  • Self-motivated with strong initiative
  • Knowledge of computer networking concepts and protocols, and application security methodologies
  • Skill in performing impact/risk assessments
Preferred Qualifications:
  • Good understanding of secure SDLC, data protection, information security principles and exploit/attack techniques.
  • Familiar with the basic concepts of networking, applications and operating system functionality, and able to apply application logic manipulation, security control bypass and exploit development.
  • Assist with scoping engagements, leading from kickoff through remediation, and track vulnerabilities as per timelines.
  • Improve operational efficiency by building and evaluating workflow processes, procedures, checklists, automation, and tooling.
  • Security testing tools including Kali Linux, Metasploit, Nmap, Burp Suite, OWASP ZAP Proxy, Santoku, MSF, GenyMotion, Appie, APK tool, JD-GUI, SQL Map, etc.
  • Skilled in identifying OWASP TOP 10 (Web & Mobile) vulnerabilities.
  • Develop secure coding checklists for applications based on the OWASP ASVS (Application Security Verification Standard).
  • Lead and execute security assessments to identify business risk, and the likelihood and impact an attacker may have on the system due to coding errors and weak or missing security controls.
  • Experience with conducting reverse engineering on mobile applications, identifying hard-coded passwords, SQLi and keychain distributions, including applications with anti-emulator and obfuscation protections.
  • Experience conducting full-scope assessments and penetration tests, including social engineering, reverse engineering, server- and client-side attacks, and web and mobile application exploitation.
  • Identify and prioritize key risk areas balancing the business risk and cyber threats.
  • Code analysis for control flow, application logic bypasses and security flaws.
  • Utilize attacker tools, tactics, and procedures used to perform analysis and identify vulnerabilities.
  • Validate security weaknesses, research new attack techniques, develop custom scripts, exploits, tools, and methodologies to enhance penetration testing processes etc.
  • Identify and demonstrate vulnerabilities that may be used by an adversary to exploit components of the target systems.
  • Analyze security findings, including risk analysis and root cause analysis.
  • Risk rate the vulnerabilities based on actual impact to the business.
  • Ability to document security weaknesses, including steps to reproduce and explain technical details in a concise, understandable manner.
  • Develop comprehensive and accurate security penetration reports.
  • Research and formulate practical short and long term remediations for vulnerabilities.
  • Effectively communicate findings and strategy to business stakeholders, including technical and executive leadership.
  • Work closely with development teams to ensure remediated vulnerabilities are closed once the fixes are deployed to production.
  • Ability to maintain and develop dashboards to track the status of security vulnerabilities.
  • Follow up on the overdue vulnerabilities to meet the compliance requirements.
  • Good to have security certifications: GIAC Web Application Penetration Tester (GWAPT), GIAC Penetration Tester (GPEN), Licensed Penetration Tester (LPT), Certified Ethical Hacker (CEH), OSCP or OSWE, etc.
  • Active team player with interpersonal, collaborative, and consultative skills.
  • Strong, clear, and concise verbal and written communication skills
  • Ability to adapt, reprioritize project work, and help drive the team's focus as priorities shift or requirements change
Our team makes the difference, every time. For this reason, we offer in return:

We offer a hybrid working model, explicit and structured career development, a competitive salary package, annual bonus, private medical cover, a monthly allowance for lunch, continuous learning experiences, and work in a fun, lively environment with mentoring from our groundbreaking senior mentors.

Integrity. Client Focus. Respect. Excellence. Teamwork

Our core values instruct how we live and work. We're an ethical and honest company that's wholly committed to its clients. A business that's engaged in mutual trust and respect for its employees and partners. A place where colleagues perform at the highest levels. And a working environment that's collaborative and encouraging.

Diversity & Inclusion

At Chubb, we consider our people our chief competitive advantage and as such we treat colleagues, candidates, clients, and business partners with equality, fairness and respect, regardless of their age, disability, race, religion or belief, gender, sexual orientation, marital status or family circumstances. We earnestly strive to achieve an environment where all colleagues feel comfortable to perform to their full potential and are recognized for their contributions.

Many voices, One Chubb!
