Pearson Application Penetration Tester in Bloomington, Minnesota

Application Penetration Tester - ( 2104584 )

Description

We are the world’s learning company with more than 21,000 employees operating in 70 countries. We combine world-class educational content and assessment, powered by services and technology, to enable more effective teaching and personalized learning at scale. We believe that wherever learning flourishes, so do people.

Pearson VUE is a business of Pearson, the world's leading learning company with global reach and market-leading businesses. Pearson is listed on both the London and New York stock exchanges (UK: PSON; NYSE: PSO).

Who is Pearson VUE?

Each year millions of people around the world take an exam with Pearson VUE. Chances are you, or someone you know, has recently tested with us. Your neighbor the computer programmer, your dad’s nurse, your child’s teacher or your local real estate agent. All demonstrate their knowledge, skill and commitment when they test with Pearson VUE.

The position will be located in the Bloomington, MN office.

As an application penetration tester, you will execute a penetration testing program for Pearson VUE applications and systems. This will include thick-client applications, web applications, and SOAP and REST API integrations running on either cloud or on-prem infrastructure. In this role, you will build the tool suite, schedule and carry out penetration tests on an array of technology stacks, provide security testing support to enable DevSecOps, and consult on risk levels of vulnerabilities to help product teams prioritize their corrective actions per the vulnerability management standards. In addition, in times of incident response, the Application Penetration Tester may be asked to contribute to digital forensic evidence gathering and/or act as technical response lead.

The Application Penetration Tester Will:

  • Perform penetration testing

  • Develop and implement tools for penetration testing and early warning of weaknesses or possible incidents building on methodologies as promulgated by NIST, PCI, etc.

  • Configure security testing platforms and tools

  • Manage procedures for penetration tests

  • Perform penetration testing on our internal- and external-facing applications

  • Analysis

  • Perform threat modeling for existing applications

  • Incident Response

  • Perform reactive incident response when a security event occurs

  • Perform proactive research to detect new attack vectors

  • Correctly balance security risk and product advancement

  • Training and coaching

  • Develop, maintain, and socialize secure coding guidelines and best practices

  • Work with developers to assist in designing and architecting secure systems

  • Develop general techniques and frameworks that will enable other engineering teams to find flaws before they are introduced into production

  • Coach development teams on how to resolve and prevent vulnerabilities

  • Be a security subject matter expert and respond to any internal security engineering questions/requests

Pearson is an Equal Opportunity and Affirmative Action Employer and a member of E-Verify. All qualified applicants, including minorities, women, protected veterans, and individuals with disabilities are encouraged to apply.

Qualifications

Required Education and Experience:

  • Bachelor's degree in Computer Science, MIS, or equivalent technology discipline

  • Experience in cyber security

  • Experience in application penetration testing

  • Experience with web and thick-client applications, databases, operating systems, and public cloud providers

  • Experience in penetration testing large and complex applications

  • Strong development background using multiple development tools, techniques, and platform technologies

  • Programming experience with focus on penetration testing or process automation

  • A thorough understanding of cyber security best practices and the ability to effectively apply those practices

  • Proven ability to quickly learn new processes and tools, business domains and technical applications

  • Ability to think technically and analytically

  • Must assimilate information, distill knowledge, apply experience and provide solution alternatives and recommendations

  • Continuous expansion of knowledge in many development languages, applications, and tools

  • Ability to develop effective relationships and work well within a team

  • Must be a self-starter and detail-oriented

  • Must have a positive and energetic demeanor

  • Effective written and verbal communication skills

  • Experience documenting technical testing and assessment results in a formal report format and presenting results to both a technical and executive audience

  • Creative problem-solving skills

Desired Knowledge, Skills and Abilities:

  • Professional certifications in one or more of: CISSP, CEH, GCFE, CFCE, or CSSLP

  • Secure web app design, cryptography and key material handling, authentication mechanisms such as OAuth, SAML or OpenID, sensitive data protection, SDLC integration (fuzzing tests, static and dynamic code analysis)

  • Experienced in the use of source code scanners and the ability to manually validate findings/eliminate false positives

  • Familiar with the use of various manual and dynamic application vulnerability testing suites

  • Ability to detect, define, exploit, and remediate OWASP top 10 vulnerabilities without the use of a vulnerability scanner

  • Proficiency with scripting languages (e.g. Python, Bash, PowerShell)

  • Desire to expand knowledge

  • Demonstrated enthusiasm for Information Security (e.g. GitHub repo, blogs, presentations, conference talks, local security association membership, participation in free skill-building / hacking challenges such as SANS Holiday Hack, HackerOne CTF, HackTheBox.eu, etc.)

  • Applied Threat Modeling methodologies

  • Experience with regulatory compliance, policy development, and policy enforcement

  • Experience with various compliance standards (NIST SP 800 series, PCI, FISMA, SOC)

Experience with the following tools and practices (Required):

  • Experience with the following technologies:

  • Web Application testing: e.g. Metasploit, BurpSuite, ZAP

  • Penetration testing Linux distros: e.g. Backbox, Kali, Matriux Linux

  • Vulnerability Assessment testing

  • Identification and Authentication schemes

  • Public Key Infrastructure and Identity Management

  • Reverse Engineering

  • Security engineering

Experience with the following tools and practices (Preferred):

  • Kali Linux (or similar)

  • Web application penetration testing tools and frameworks

  • Cloud Computing

Primary Location : US-MN-Bloomington

Work Locations :

US-MN-Bloomington-5601 Green Valley

5601 Green Valley Drive, Suite 220

Bloomington 55437

Job : Technology

Organization : Assessments VUE

Employee Status : Regular Employee

Job Type : Standard

Job Level : Individual Contributor

Shift : Day Job

Job Posting : Jun 3, 2021

Job Unposting : Ongoing

Schedule : Full-time Regular

Req ID: 2104584
