[LRUG] [JOBS] Application Security Tester
marc at 4armed.com
Mon Feb 8 07:02:00 PST 2016
This is not your average LRUG job posting but hopefully this is relevant to some of your interests.
TL;DR Evolve your career into IT security and start bringing home the (chunky) bacon testing the security of web applications and providing expert, real world advice to our diverse client base across Financial Services, SaaS, Gaming and more.
Are you interested in application security? We should talk!
4ARMED are recruiting for a full time security tester to join our small but growing professional services team providing penetration testing and application security consultancy and we’d love to hear from any developers who would be interested in moving into this kind of role. In our experience, some of the best security consultants are those who have been in the trenches, be that dev, ops or both. We pride ourselves on contextualised advice that is as meaningful and actionable as possible. We link issues back to root cause, identify potential systemic problems and recommend resolutions at that level, where possible. Who better to understand how to do this than those who have been there and had to do it themselves? Which is pretty much everyone on this list I would guess.
So, if you’re still reading and still interested, here’s the deal. You obviously need some level of skillz. Today isn’t the first day you’ve thought about sending questionable input to a web application (your own of course!). Today isn’t the first day you’ve read a vulnerability disclosure on a mailing list, looked into the fix and thought about how to develop and execute an exploit for it. Today isn’t the first time you’ve seen the OWASP Top Ten. It’s an itch that you want to scratch, it’s hacking - and not the horrible media misuse of the word - hacking like you know it. Good old fashioned taking it apart, seeing how it works, seeing how it can be “improved” hacking. We can help you scratch the itch. We will train and develop you of course, we have methodologies, we have quality management processes, we have all kinds of other ways to help your mastery of attacking a web application like a criminal would but we can’t teach curiosity. You have to bring the mindset yourself.
Worried about leaving coding behind? Don’t be. Coding is a big part of what we do, I personally write code every day, mostly Ruby but whatever is needed for the task at hand. We have plans for an internal client portal (Rails) which, if we can reasonably deliver in house, we will. We have a comprehensive application security testing lab environment with lots and lots of examples of different vulnerabilities in multiple languages. This gets updates and new exercises regularly and is used as part of our internal and external training but the plan is also to provide Pay-As-You-Play access to it later in the year. This will need a front-end to handle payments and fire up new instances of the various servers, etc. There’s loads of other shizzle going on too if you don’t have client work to keep you in mischief. Research time and projects are part and parcel of life as a security consultant with 4ARMED.
We also do lots of other things besides application security. PCI DSS and ISO27001 consultancy, infrastructure work, wireless assessments, drones and more so you’ll have lots to get your teeth into if you want to branch out.
Worried about money? Don’t be. Cyber security (as it seems to be called these days) is an industry that is growing fast but is highly specialised and suffering a skills shortage. The market rate is good (even by Ruby dev standards) and we recognise the value of the other experience you bring, even if it isn’t directly in security testing. We can also talk more about benefits like pensions, shares, etc offline.
Our office is in the lovely market town of Oundle, Northamptonshire (or will be come April when they finish building it), just over an hour from London on the train, close to Peterborough and not far at all from Cambridge. However, if you don’t fancy getting out of The City, seeing green stuff and breathing air that doesn’t taste of taxis (or you already live in such a place) you can work remotely.
By now you’ve either fallen asleep, consigned these bits to the Trash or gotten just a little bit excited. If it’s the latter, start by sending me an email explaining why you’re interested, include your CV so we can get a feel for your commercial experience (Don’t have a CV? Don’t have it with you? Haven’t updated it in a while? Don’t worry, bullet point highlights in an email is fine or a link to your LinkedIn profile) but we’re more interested in your code repo and anything like that you think will be relevant. Ping me any questions off list or give me a call if you like, ring the office number on our website at https://www.4armed.com/contact.