Security Engineer

SHR Consultancy

We are looking for a Security Engineer for SONY's Global Application Security Services team located in Istanbul reporting to Sony Electronics, Global Information Security.

The Sony spirit is about freedom, no limits, empowerment, innovation, imagination, autonomy, creativity and choice. With business operations all over the globe, we provide high quality lifestyle products offering entertainment through technology. 

This role will be about conducting hands on security testing, preparing reports and helping customers with the remediation of found vulnerabilities. The ideal candidate will be helping with internal process improvements and will be part of technical Research & Development at Security Testing domain. Also you will be helping the junior test engineers’ improve their skills.

Key Responsibilities: 
Planning

• Develop and document security test plan and procedures.
  
• Devise methods to automate testing activities and streamline security testing processes.
  
• Read and analyze global security policies and adjust internal requirements accordingly.
  

Pen Testing

•  Conduct hands-on security testing, analyze test results, document risks, and recommend countermeasures.
  
• Elaborate security tests and deliver written reports suitable for viewing by clients.
  
• Develop an understanding of subject systems and applications into security test plans.
  
• Actively participate in technical exchange meetings.
  

Research & Improvement

• Assist in evaluating and developing relevant Security policies and guidance.
  
• Researching, evaluating and developing relevant Security Testing tools and methods.
  
• Review and make security recommendations on application-level documentations like; requirements specifications, system architecture, design documentation, test plans, security plans, etc.
  
• Participate with internal PenTest related research topics.
  
• Help the junior PenTest engineers develop their technical skills.
  

QUALIFICATIONS

The ideal candidate should be able to demonstrate:

• Bachelor’s Degree in Computer Engineering or a related technical discipline, or the equivalent combination of education,
  
• Minimum 4 years of experience in Application/Infrastructure Penetration testing,
  
• Knowledge of various application architectures,
  
• Core experience and profound knowledge in application and infrastructure security testing,
  
• Strong understanding and hands on experience on application and infrastructure vulnerabilities, automated/manual testing, auditing and remediation techniques,
  
• Strong Understanding of OWASP, WASC 2.0 Threats classification,
  
• Strong understanding of cryptography,
  
• Experience with standard security tools such as MetaSploit, SQLMap, Nmap, Owasp ZAP, Burp Suite etc.,
  
• Understanding of networking, networking protocols and their uses,
  
• Experience with web vulnerability assessment tools such as IBM Appscan, Acunetix, Netsparker, Arachni etc.,
  
• Experience with network/infrastructure vulnerability assessment tools such as Nessus, Qualys etc.,
  
• Experience with establishing penetration testing procedures and processes,
  
• Strong written and verbal communication skills with the ability to interpret and fully explain the programming impact of vulnerabilities as well as any recommended remediation
  
• Flexibility and adaptability to work in a growing, dynamic, global team with a strong customer-oriented attitude.
  

Pluses:

• Understanding of server/client side application development, new server/client side languages like node.js, angular.js etc.,
  
• Experience with performing code review, wireless and firewall assessments,
  
• Technical knowledge in network security products, cryptographic suites and network/application firewalls,
  
• Experience in evasion techniques to bypass firewalls, and intrusion detection,
  
• Experience with mobile application and operating system testing,
  
• Knowledge in scripting (any language) and experience in automation scripts for application security testing,
  
• Hands on experience in security testing of service, Mobile applications, APIs etc., 
  
• Knowledge in Application Architecture Review, Threat modeling concepts,
  
• Certifications from Offensive Security and SANS like OSCP, OSEE, GPEN, GXPN,
  
• Certifications which are crest approved,
  
• Active participation is bug bounties,
  
• Speaker/presenter in security conferences,
  
• Testing automation.

“According to General Data Protection Regulation (GDPR) in Turkey, it is forbidden to share your personal data with anyone. Please note that you are giving your consent to share your personal information with Sony by just applying this post!” 

Firmamız Türkiye İş Kurumu'nun 17.11.2018 tarih ve 579 numaralı izin belgesi ile faaliyet göstermektedir.