Associate, Information Security (Application Security Tester)
Banco Santander
11h ago

Associate, Information Security (Application Security Tester)Dorchester, United States of America


The Application Security Tester is responsible for detecting threats and vulnerabilities in target systems, networks, and applications by conducting systems, network, and web vulnerability assessment / security testing.

The Application Security Tester identifies the security flaws and weaknesses in the systems that can be exploited to cause business risk, and provides crucial insights into the most pressing issues, suggesting how to prioritize security resources.

Responsibilities :

  • Knowledge of common software vulnerabilities, such as those in the OWASP Top 10
  • Experience with CVSS and how to apply
  • Acts as influencer of peers and management
  • Conducts Software Composition Analysis, SAST, DAST and Penetration testing
  • Post vulnerability assessment, work with various stakeholders to provide remediation to the identified risks and bring the same to closure
  • Conducts proof of concepts, vendor comparisons and recommend solutions in line with business requirements
  • Conducts risk assessments to evaluate the effectiveness of existing controls and determine the impact of proposed changes to business processes, applications, and systems
  • Conducts security research on threats and remediation methods
  • Conducts vulnerability assessment on the target IT Infrastructure, applications, and related information assets
  • Conducts walk-through of the assessment report to the stakeholders and help define remediation plan
  • Creates process improvement by identifying inefficiencies and solutions for process improvements
  • Develops and maintains a set of operational and forward-looking security metrics
  • Follows a standard methodology to identify and / or detect threats to the IT infrastructure, applications, and other information assets
  • Interacts with partners as needed to explain work product, security techniques, methodology and results to ensure appropriate business value
  • Oversees monitoring of security reports to identify issues and follow these issues to resolution
  • Performs web application security assessments (e.g., exploiting web app vulnerabilities such as SQL injection, cross-site scripting, parameter manipulation, session hijacking, etc.
  • Prepares system security reports by collecting, analyzing, and summarizing data and trends; presents reporting for management review
  • Promotes cross-department collaboration and communication to ensure appropriate processes, procedures and tools are installed, monitored, and effectively operating and alerting
  • Provides direction and act as an escalation point on projects and issues to other team members,
  • Provides technical security consulting support to address complex business and technology projects and requests
  • Updates job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities;
  • reading professional publications; maintaining personal networks; participating in professional organizations

  • Works with various teams to follow a pre-assessment plan / and assessment schedule for every assessment, conduct threat assessment, and deliver an assessment report
  • Writes clear implementation guidelines for the implementation engineers
  • Qualifications :

  • Must have a bachelor’s degree computer science, software dev, info sec, security engineering, etc.
  • 5-9 years detecting threats and vulnerabilities
  • Knowledge of common software vulnerabilities, such as those in the OWASP Top 10
  • Experience with CVSS and how to apply
  • Must have experience with web application and code vulnerability scanning tools such as AppScan, Fortify, BurpSuite.
  • Acts as a subject matter expert (SME) while providing leadership, and guidance
  • Security certifications a plus
  • Ethical hacking experience a plus
  • Exposure to IT risk management a plus
  • Diversity & EEO Statements : At Santander, we value and respect differences in our workforce and strive to increase the diversity of our teams.

    We actively encourage everyone to apply.

    Santander is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, genetics, disability, age, veteran status or any other characteristic protected by law.

    Working Conditions : Frequent Minimal physical effort such as sitting, standing and walking. Occassional moving and lifting equipment and furniture is required to support onsite and offsite meeting setup and teardown.

    Physically capable of lifting up to fifty pounds, able to bend, kneel, climb ladders.

    Employer Rights : Employer Rights : This job description does not list all of the job duties of the job. You may be asked by your supervisors or managers to perform other duties.

    You may be evaluated in part based upon your performance of the tasks listed in this job description. The employer has the right to revise this job description at any time.

    This job description is not a contract for employment and either you or the employer may terminate at any time for any reason.

    Report this job

    Thank you for reporting this job!

    Your feedback will help us improve the quality of our services.

    My Email
    By clicking on "Continue", I give neuvoo consent to process my data and to send me email alerts, as detailed in neuvoo's Privacy Policy . I may withdraw my consent or unsubscribe at any time.
    Application form