Security Test Engineer

CyberArk

Aug 16

Open to Remote Work

 

About CyberArk:

CyberArk (NASDAQ: CYBR) is the global leader in Identity Security. Centered on privileged access management, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud workloads and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets. To learn more about CyberArk, visit https://www.cyberark.com, read the CyberArk blogs or follow on Twitter via @CyberArk, LinkedIn or Facebook.

 

Job Description:

Join our Quality Engineering team, working within the organization to help drive a security-first methodology in the engineering process for our Enterprise Identity SSO product.

 

Responsibilities:

  • Collaborate with engineering teams on architecting and implementing technologies, processes, and improvements around product security
  • Develop security testing plans to identify misconfigurations, vulnerabilities, and visibility shortfalls
  • Assist, mentor, and educate about internal secure development methodologies and the CyberArk "Security Champions" program

 

Requirements:

  • 4+ years of experience working in the software development industry as a test engineer or an engineer with responsibilities relating to security
  • Bachelor’s degree in Computer Science, Computer Information Systems, Software Engineering, or Mathematics or a related field, or its equivalent
  • Programming experience in one or more languages (Java, JavaScript, Python, Shell/Bash, C/C++, C#)
  • Background in Whitebox penetration testing
  • OSCP certification a huge plus
  • Experience with web application scanning tools (e.g. Static / Dynamic, Interactive, etc.) including Qualys WAS, AppSpider, Acunetix, Veracode, Burp Suite, Netsparker, OWASP ZAP, Checkmarx, WhiteSource, Snyk or similar
  • Past development expertise, or operational or consultative experience supporting application security teams
  • Threat modeling experience
  • Experience using source code management tools such as Perforce, Git or equivalent
  • Strong debugging skills and experience performing security code reviews
  • Experience with Active Directory and/or LDAP
  • Understanding of PKI, certificate security, encryption, HTTPS
  • Strong written and oral communication and collaboration skills; ability to collaborate effectively within a team, across teams, and with management and other disciplines
  • Experience working with product management, engineering and ops to help them buy into a potentially disruptive, but important, security update/change
  • Demonstrated security research activities (e.g. participation in bug bounties or credit for reporting CVEs)
  • Working knowledge of cybersecurity frameworks and standard practices such as NIST Cybersecurity Framework, CSA, or OWASP

 

CyberArk is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status.

 

Recruiting agencies or vendors without a valid agreement between the parties are not authorized to (a) send CyberArk unsolicited resumes or candidate data or (b) contact CyberArk employees for the purposes of presenting candidates for employment. CyberArk will only work with recruiting agencies who have a valid agreement with CyberArk and that are specifically invited by CyberArk’s recruiting team to assist with searching for and submitting candidates for a specific position. Any unsolicited resumes or other candidate data submitted to CyberArk will not be accepted and shall be considered CyberArk’s property. CyberArk will not pay any placement or other fees of any kind for any unsolicited resumes or candidate data that is submitted in violation of this policy. CyberArk does not accept liability under any legal theory such as course of conduct, oral agreements, implied contracts, or otherwise based on negotiations with a candidate identified from an unsolicited resume or data in violation of this policy.