We are seeking a Security Penetration Testing Expert to join our Security Engineering team and take responsibility in performing security testing of applications, networks and infrastructures, including vulnerability assessments, penetration testing and manual testing techniques.

Role responsibilities:

• Operate a hands-on role involving penetration testing and vulnerability assessment activities of complex applications, operating systems, wired and wireless networks, and mobile applications/devices.
• Automate penetration and other security testing on networks, systems and applications.
• Produce actionable, threat-based, reports on security testing results.
• Consult with application developers, systems administrators, and management to demonstrate security testing results, explain the threat presented by the results, and consult on remediation.
• Communicate security issues to a wide variety of internal and external “customers” to include technical teams, executives, risk groups, vendors and regulators.
• Work with SOC team members to reproduce security risks and help SOC team members to create incidents.
• Deliver the annual penetration testing schedule and conducting awareness campaigns to ensure proper budgeting by business lines for annual tests.
• Develop automation tool for penetration testing purpose.
• Act as a source of direction, training, and guidance for less experienced staff.
• Develop and maintain security testing plans.

Education, Qualifications, Skills and Experience

• 4 years experiences in penetration testing and relative field.
• Familiar with penetration testing tools like Burpsuite, Sqlmap, Metasploit, AWVS, Nessus, nmap etc.
• Proficient in SQL Injection, XSS， XXE， CSRF，SSRF and other web vulnerabilities, has success story in these fields.
• Hands on experience with testing frameworks such as the PTES and OWASP.
• In-depth knowledge of application development processes and at least one programing or scripting language (e.g., Java, Scala, C#, Ruby, Perl, Python, PowerShell)
• Applicable knowledge of Windows client/server, Unix/Linux systems, Mac OS X, VMware/Xen, and cloud technologies such as AWS, Azure, or Google Cloud.
• Critical thinker and problem solver.
• Excellent organizational and time management skills.
• Bachelor’s Degree in computer information systems, Management Information Systems or similar relevant field.

Date Posted

Closing Date

AstraZeneca embraces diversity and equality of opportunity.  We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills.  We believe that the more inclusive we are, the better our work will be.  We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics.  We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorization and employment eligibility verification requirements.