Security Test Engineer

Accord Technologies Inc • Seattle, WA, US • 4m ago

Location: Seattle, WA – Hybrid (3 Days Onsite)

Contract Role (Loom for Near by candidates)

As a Security Engineer/Tester, you will be performing authorized security testing on some of the very complex, massive scale, and highly critical applications. You must be self-directed, able to work independently, as well as work in a team-oriented and fast paced environment. You need to be aware of a varied application security domains like authentication, authorization, identity management, cryptography, etc. As part of a shift left focus, you will be working part of the development team along with developers to proactively identify any security vulnerabilities (OWASP Top 10, SANS Top 25, CWE) at the earliest before they are discovered late in cycle by InfoSec teams or in production.

Required Skills

Primary Skill – Manual and automated testing (testing will be done on software)

Deep understanding of different web application technologies, web protocols (HTTP, HTTPS, etc.), browser technologies, etc.
In depth domain understanding of application security in terms of Identity and Access Management (IAM), different authentication technologies (passwords, biometrics, OTP, digital certificates & PKI, device authentication, FIDO U2F/Passkeys, etc.
Proven expertise on different security testing tools (Proxy tools like Fiddler, Black box security testing tools like Burp, Static Security Code analysis tools,
Deep understanding of different application security vulnerabilities such as OWASP Top 10, SANS Top 25, CWE, attack patterns (CAPEC), etc.
Bachelor’s degree in computer science or equivalent experience.
Must be self-directed, able to work independently, as well as work in a team-oriented and fast paced environment

Desired Skills

Working experience on different security technologies and standards like Single Sign On (SSO) using SAML/OpenID, OAuth protocols, etc.
Good understanding of Cryptographic algorithms and standards like Symmetric/Assymetric crypto techniques, digital signatures, JWS/JWE tokens, Hardware Security Modules (HSMs), etc.
Understanding of Security vulnerabilities related to Cloud environments is an added advantage.
Well known Security certifications is an added advantage
Understanding of Threat Modelling concepts and Secure Development Life Cycle processes.
Mobile Application Security familiarity is desirable.Qualified candidates should APPLY NOW for immediate consideration! Please hit APPLY to provide the required information, and we will be back in touch as soon as possible.