Facebook pixel

Security Engineer
Penetration Tester
Posted on 3/17/2022
INACTIVE
Locations
Provo, UT, USA
Experience Level
Entry
Junior
Mid
Senior
Expert
Desired Skills
Node.js
AngularJS
Android Development
AWS
Docker
iOS/Swift
JavaScript
Java
Linux/Unix
React.js
Kubernetes
Python
Go
Requirements
  • Bachelor's degree in Computer Science or a related field
  • At least three years performing manual web application penetration testing as a primary job responsibility, including the use of professional penetration testing tools (e.g., Burp Suite)
  • Sound understanding of application and network security vulnerabilities (e.g., OWASP Top 10), defense techniques and security best practices, including language-specific security practices and present-day threats
  • Experience with modern application development languages and frameworks (e.g., Node.js, Java, Golang, Python, React, Angular)
Responsibilities
  • Use manual penetration testing techniques to identify or validate vulnerabilities in Qualtrics web applications, systems, networks and mobile applications
  • Leverage your accumulated subject matter expertise of Qualtrics applications, systems and code, as well as findings from SAST, DAST, IAST, network vulnerability scanners and similar assessment tools to augment manual testing
  • Manage bug bounty and vulnerability disclosure programs, including the triage and validation of reported findings
  • Organize and lead internal purple and red team exercises to systematically evaluate Qualtrics environments for security flaws
  • Document remediation recommendations and collaborate with engineers to ensure vulnerability findings are successfully and efficiently addressed
  • Review source code & software/system designs, and consult with software engineers across the organization to identify and/or avoid security issues through alignment to security standards
  • Document and improve secure SDL processes, standards and guidelines
  • Deliver training and provide mentoring to software engineers on security topics
  • Facilitate threat modeling exercises to ensure optimized security design decisions are being made
  • Make recommendations for architecture & design improvements to address recurring issues
  • Automate redundant tasks for assessment and related activities in order to optimize our team's efficiency and reach
Desired Qualifications
  • Experience with assessing large, complex SaaS applications
  • One or more relevant security certifications (CEPT, CMWAPT, CPT, CEH, LPT, GWAPT, GPEN, GXPN, OSCP)
  • Familiarity with AWS, Docker, Kubernetes, Linux and similar infrastructure/technologies
  • IOS/Android mobile application pentesting experience
  • Prior full time software development experience
Qualtrics

5,001-10,000 employees

Experience management software
Company mission
With Qualtrics XM, organizations can be at every meaningful touchpoint, for every experience, and predict which changes will resonate most with stakeholders. At Qualtrics, their mission is to close the experience gap.
Benefits
  • Work hard/play hard - For every bit of hard work we put in, we have twice the fun. Whether that means taking a break in a massage chair or hitting the slopes after work, Qualtrics makes sure that employees take time to recharge and live it up. Everyone receives $1500 annually to spend on a ‘bucket list’ adventure.
  • Upward mobility - Because we’re a hyper-growth company, getting promoted and taking on more opportunity is always an option. We hire individuals who have what it takes to quickly step into the next role and take on opportunities beyond their core job description.
  • Office perks - We believe in a workspace that allows you to take a breather and pepper fun throughout your day. Grab a beer in the Dublin office pub, enjoy Seattle’s rooftop patio overlooking the Puget Sound, or raid one of the many kitchens around Provo’s office.
  • Global - Qualtrics employees are plugged into a network of experienced professionals around the globe. With weekly company-wide video meetings and our own internal social network, employees get global experience and stay up-to-date on what’s happening across the organization.
  • Total rewards - The term “benefits” doesn’t really do our employee rewards program justice. We provide medical, dental, and vision insurance, 20+ days of annual leave, generous retirement fund contributions, quarterly bonuses, and tons of career mobility.
  • High bar - We don’t hire cutthroat individuals who only care about themselves. We’re looking for top performers with a wide array of professional and personal experience. Our employees are driven, intelligent, diverse and interesting people who work well in teams and know how to have fun.
Company Values
  • Transparent - Our default is to share, leading to open debate, trust, and decisions based on data, not politics.
  • All in - We bet on Qualtrics and Qualtrics bets on us. This is our company. We deliver, whatever it takes.
  • Customer obsessed - If a customer is upset, we failed. Period. We learn, and we fix it.
  • One team - There is only one team at Qualtrics. We win and lose together and never say, 'That's not my job'.
  • Scrappy - We're smart, resourceful, and find a way. We write our own story instead of following others.