Job Description

Job Title: Applications Security Assessor - Penetration Testing/Ethical Hacking Analyst
Job Location: Illinois


  • Researching, designing, engineering, implementing, and supporting information security and directory technology systems (software and hardware)
  • Utilizes in-depth technical knowledge and business requirements to design and implement secure solutions to meet customer/client needs while protecting the company's assets
  • Develops and implements security standards, procedures, and guidelines for multiple platforms and diverse environments (e.g. client-server, distributed, mainframe, etc.)
  • Exercises judgment within broadly defined practices and policies in selecting methods, techniques, and evaluation criteria for obtaining results
  • Work leadership may be provided by assigning work and resolving problems
  • Conduct application security assessments/penetration tests of our internal/external web, mobile, and web service applications leveraging both manual techniques as well as automated tools, in order to uncover and report security vulnerabilities that exist
  • Must be knowledgeable about the business risks associated with common security vulnerabilities and be able to effectively communicate security vulnerabilities to application developers and/or senior managers who may have little to no experience with application security vulnerabilities

Required Qualifications:

  • Bachelor of Science or Master of Science in Computer Science (or relevant work experience in large scale IT environment)
  • At least three years of experience conducting vulnerability assessments, code reviews and penetration tests against web/mobile application technologies, services, platforms and languages to find flaws and exploits (e.g., SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, Clickjacking, Authentication/Authorization, Privilege Escalation, and Business Logic Bypass, OWASP Top 10, SANS Top 25, etc.)
  • Ability to demonstrate manual web application testing experience
  • Must be able to simulate a SQL injection/cross-site scripting attack without the use of tools
  • Expert level experience with web application vulnerability scanning tools (e.g. IBM AppScan, HP WebInspect, Acunetix, NTOSpider, Burp Suite Pro, etc.)
  • Knowledge of network and Web related protocols/technologies (e.g., UNIX/LINUX, TCP/IP, HTTP/HTTPS, REST, Cookies)
  • Experience with vulnerability assessment tools and penetration testing techniques (e.g., web application proxies, packet capture analysis software, browser extensions, advanced penetration testing Linux distributions (i.e. BackTrack/Kali), static source code analyzers, SoapUI, etc.)
  • Experience penetration testing on mobile platforms such as iOS, Android, Windows, and RIM
  • Solid programming/debugging skills with proficiency in one or more of the following: Java, JavaScript, HTML, XML, PHP, ASP.NET, AJAX, JSON, Objective-C
  • Expert-level experience and very detailed technical knowledge in at least three of the following areas: general information security, security engineering, application architecture, authentication and security protocols, application session management, applied cryptography, common communication protocols, mobile frameworks, single sign-on technologies, exploit automation platforms, and RESTful web services
  • Demonstrated ability to learn and apply critical thinking to a variety of situations
  • Ability to work independently in a very large-scale, enterprise setting

Preferred Qualifications:

  • One or more of the following certifications: CISSP, GWAPT, CEH, OSCP or qualified work experience
  • Strong scripting skills (e.g., Python, Perl, Shell script, JavaScript)
  • Experience as a developer
  • Mobile programming abilities, such as Xcode, Objective-C
  • Knowledge of Structured Query Language
  • Strong teamwork skills
  • Effective written and oral communication skills
  • Ability to multi-task and handle multiple projects
  • Ability to work in a fast-paced, challenging environment
  • Previous experience as an application security professional within a large financial institution

QBH#: 2074
