Cyber Security Sys Engineer/Pen Tester

Back

Cyber Security Sys Engineer/Pen Tester

@ CGI

Position Description:

  • The CGI Federal Offensive Security Group’s Application Security Engineering team supports a wide variety of enterprise DevSecOps processes within CGI Federal's full portfolio of Agile Release Trains.
  • We are seeking a professional Penetration Tester with a strong background in API testing of multiple proprietary and custom-coded applications throughout their SDLC.
  • Our clients include multiple Federal and State Agencies, local governments, and many US-based corporations.
  • This role works with traditional, mobile, web, and enterprise applications across the full spectrum of business requirements including health, financial, communications, record creation, case management, and more.
  • This is a dynamic role that will allow the new member to grow their existing skills and develop new knowledge, skills, and abilities.


Your future duties and responsibilities:

  • Perform manual and automated vulnerability assessments on API endpoints.
  • Perform DAST and SAST application security testing techniques using automated tools and manual testing (i.e., Burp Suite, OWASP ZAP, WebInspect, HP Fortify, OWASP Dependency Checker).
  • Create exploit proof of concepts and report vulnerabilities to applications PMs and developers.
  • Identify application security weaknesses and write recommendations for preventing or fixing them.
  • Serve as SME for multiple projects at the same time.
  • Review code for common security vulnerabilities.
  • Support and consult with product and development teams in the area of application security.
  • Perform vulnerability scans on container environments.
  • Assist team and clients to adapt security testing requirements into Continuous Integration/Continuous Deployment (CI/CD) pipeline(s).
  • Provide specialized support to the CGI Federal Red Team as needed


Qualifications:

Required qualifications to be successful in this role:

  • 3+ years API security testing KSA and experience.
  • 3+ years dynamic and static application penetration testing (DAST and SAST) of software in development.
  • Familiarity with penetration testing tools and tradecraft within on-premises, cloud, and containerized software instances.
  • Conversant and knowledgeable on cybersecurity best practices, the practices themselves, where to find the practices, and a willingness to employ the practices.
  • Firm understanding and support of the principals of ethical hacking.
  • Strong written and verbal skills. Must be able to express security finds to both technicians and non-technical project managers.


Desired qualifications/non-essential skills required:

  • 2+ years on a Federal Agency’s penetration testing or red team.
  • Experience with security testing for HIPPA compliance.
  • Experience with security testing for financial sector compliance
  • Expresses willingness to work in a team environment (meaning work together in real-time on an engagement or plan in-person or remotely).
  • CI/CD security testing experience.
  • Experience assessing and testing the security of containers and the application within them.
  • Ņ+ years software development and testing (any language) or 5+ years defensive cyber operations for Federal clients.
  • Demonstrated continuous learning such as recently updated personal Git repos, Hack The Box or TryHackMe dashboards showing recent activity, earned and maintained cybersecurity (either in general or tool-specific) certifications.


Skills:

  • Application Development
  • Ethical Hacking


How to Apply:

Apply online at https://www.cgi.com/en/careers

Visit Site to Apply

Location: Lafayette, LA
Date Posted: June 18, 2024
Application Deadline: July 18, 2024
Job Type: Full-time