Application Security- Pen Tester

Summary

Data has never been more valuable and vulnerable. As cybercriminals become more sophisticated and regulations more strict, organizations struggle to answer one key question: "Is my data safe?"

At Varonis, we see the world of cybersecurity differently. Instead of chasing threats, we believe the most practical approach is protecting data from the inside out. We've built the industry's first fully autonomous Data Security Platform to help our customers dramatically reduce risk with minimal human effort.

At Varonis, we move fast. We're an ultra-collaborative company with brilliant people who care deeply about the details. Together, we're solving interesting and complex puzzles to keep the world's data safe.

We work in a flexible, hybrid model, so you can choose the home-office balance that works best for you.

We are looking for an Application Security – Pen Tester to join the Application Security team responsible for Varonis' application security.

The successful candidate will be responsible for contributing to our Cloud/On-prem strategic security program.

Responsibilities:

• Conduct on-going Penetration testing activities across all Varonis platforms and services
• Identify and facilitate remediation of application and cloud security exposures and vulnerabilities
• Work to obtain the right mandate to ensure no new Varonis products or services are launched without the appropriate security controls
• Take a part in development lifecycle and integration of security features into all phases of software design and development
• Manage, aggregate, triage and track Vulnerabilities identified by external Assessors.
• Assist in implementing Security Testing tools (Dynamic, Static and Runtime) in the Varonis Testing pipeline
• Assist in defining testing scenarios for the Continuous Integration tests to cover identified vulnerabilities
• Work closely with R&D to enhance application security on all layers

Requirements:

• 3+ years of hands-on experience in Penetration Testing for application and cloud environments.
• Thorough understanding of cyber security frameworks, such as NIST CSF, CIS CSC
• Understanding of Cloud)AWS & Azure) technologies and SaaS environments
• Experience with web & application security, familiar with OWASP frameworks, solutions, and initiatives
• Experience with security solutions such Vulnerability scanners, and DAST solutions and more
• Experience with Container and K8s
• Experience conducting application penetration testing.
• Technical experience in network security technologies or security operations with a proven ability to engage and drive product and engineering priorities
• Work with the business to identify, capture, escalate, and close security vulnerabilities found in Varonis products.
• Leverage tools to deliver vulnerability information back to the development organization for remediation.
• Coordinate security risk assessments for new products & solutions through the risk assessment team.
• Maintain a risk register and risk visual with clearly defined owners for each risk.
• Contribute to product/solution security frameworks and standards to reduce development cycle of new products and services and to ensure consistency across the different products and platforms.
• Develop, institute, and maintain cloud security architecture standards

Advantages

CISSP, CISM, CCSP, CEH, OSCP is an advantage

Interfaces:

• Partner with key product & solutions development leaders to ensure security is incorporated in all customer-facing product offerings.
• Build solid working relationships with business stakeholders to maintain and improve product and application security processes.
• Partner with architecture and development leaders to develop shared software frameworks to enable consistent application of secure coding best practices across the enterprise.
• Research latest security best practices when it comes to device/instrument/IoT, staying current on new vulnerabilities and threats, and ensure these are addressed in Varonis' products and services.

We invite you to check out our Instagram Page to gain further insight into the Varonis culture

@VaronisLife

Varonis is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, and other legally protected characteristics.