Application Penetration Tester

When you join Verizon

Verizon is one of the world’s leading providers of technology and communications services, transforming the way we connect across the globe. We’re a diverse network of people driven by our shared ambition to shape a better future. Here, we have the ability to learn and grow at the speed of technology, and the space to create within every role. Together, we are moving the world forward – and you can too. Dream it. Build it. Do it here.

What you’ll be doing...

The Dynamic Application Security Pen Testing teams are a group of talented, creative thinkers who "act like the enemy" to focus on ensuring that web applications, mobile applications and APIs are secure by performing ethical hacking and penetration testing on the defenses Verizon has (and some 3rd parties have) created for applications accessed from both inside and outside of Verizon. These teams aren't a "copy and paste from a scan tool" reporting team, or a cookie cutter scanning with tools team, or a team that just monitors and supports security scanning tools used by developers. These teams are an Enterprise recognized and supported group of skilled, experienced and certified ethical hacking Verizon employees who are trusted to direct themselves with a lot of unknowns. They also use their skills to support Verizon Incident Response and Bug Bounty as well as to build/develop their own tools for reporting and automation for Dynamic Application Scanning for a Secure-SDLC.

• Participate in application layer penetration testing of key, critical web applications, including the exploitation of security vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF) and Unencrypted Authentication, methodologies, custom tests and tools to subvert the applications’ runtime or logical security controls to provide accurate assessments of Verizon’s application security posture across all LOBs and organizations.
• Conduct application layer security scans on apps not eligible for automation.
• Create security vulnerability reports for both technical and executive audiences.
• Identify and document basic security gaps or vulnerabilities in applications, and processes, and advise relevant stakeholders on the appropriate course of action to strengthen Verizon’s application security posture, under the guidance of Sr Engineers.
• Monitor and respond to user questions, requests and other messages via email or the slack help channels for Automated Scanning escalating to Sr. Engineers when necessary.
• Assist in creating and maintaining process and user documentation.
• Outline, organize and review KBs, methodologies, user instructions, etc. periodically to ensure usability and clear direction for team members and users.
• Assist in the development of scripts, tools, or methodologies to enhance Verizon’s dynamic application pen testing teaming processes.

What we’re looking for...

You'll need to have:

• Bachelor’s degree or one or more years of work experience.

Even better if you have:

• One or more years of application security experience.
• Three or more years of application development experience.
• Experience with system and application security threats and vulnerabilities and secure configuration management techniques, software debugging principles, software design tools, methods, and techniques, software development models (e.g., Waterfall Model, Spiral Model).
• Knowledge of secure coding techniques.
• Knowledge of application security, application security vulnerabilities and exploitation techniques.
• Some experience with software related information technology (IT) security principles and methods (e.g., modularization, layering, abstraction, data hiding, and simplicity/minimization).
• Knowledge of secure software deployment methodologies, tools, and practices.
• Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
• Knowledge of security architecture concepts and enterprise architecture reference models.
• Knowledge in discerning the protection needs (i.e., security controls) of information systems and networks.
• Knowledge of integrating black box security testing tools into quality assurance process of software releases.
• Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Strong organization skills and demonstrated ability to manage multiple, often conflicting priorities to successful completion.
• Knowledge of the SDLC, continuous build systems and other software engineering methodologies/systems.
• eLearnSecurity certifications such as WAPT or MAPT, OSCP, GPEN, GCIH, GWAPT, or GXPN.

22CyberAPP

Equal Employment Opportunity

We're proud to be an equal opportunity employer - and celebrate our employees' differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. At Verizon, we know that diversity makes us stronger. We are committed to a collaborative, inclusive environment that encourages authenticity and fosters a sense of belonging. We strive for everyone to feel valued, connected, and empowered to reach their potential and contribute their best. Check out our diversity and inclusion page to learn more.

COVID-19 Vaccination Requirement

Verizon requires new hires to be fully vaccinated against COVID-19. Verizon provides reasonable accommodations consistent with legal requirements (e.g., for medical or religious reasons).