Manager-Penetration Testing

We are looking for Cyber Security(Penetration testing) Manager, please find the details below:

What does Penetration Testing Manger do at Fiserv?

As an experienced member of our Cyber Security Group you will be responsible for performing security assessments on Fiserv products and Guiding the Application teams on remediating the issues. Along with this you will be providing technical guidance, support, and training to enhance team members' skills and knowledge.

What You Will Do:

• Team Leadership: Lead, mentor, and manage a team of application-level penetration testers, fostering a collaborative and innovative team culture. Provide technical guidance, support, and training to enhance team members' skills and knowledge.
• Penetration Testing Strategy: Develop and execute a comprehensive application-level penetration testing strategy aligned with organizational security goals. Coordinate with stakeholders to identify testing requirements and prioritize assessments. Continuously improve testing methodologies and tools.
• Project Management: Plan, schedule, and track penetration testing projects, defining scopes and objectives. Manage resources effectively and identify potential risks, developing contingency plans as needed.
• Technical Execution: Conduct advanced application-level penetration tests, vulnerability assessments, code reviews, and security architecture reviews. Identify and exploit security weaknesses, presenting findings to relevant stakeholders.
• Reporting and Documentation: Prepare detailed penetration testing reports, including identified vulnerabilities, recommended mitigations, and risk assessments. Collaborate with teams to ensure timely remediation of identified vulnerabilities. Maintain accurate and up-to-date documentation.
• Compliance and Standards: Ensure penetration testing practices align with industry standards and regulations. Stay informed about changes in cybersecurity compliance frameworks and integrate them into the testing process.

• Web-Based Red Team Activities:

• Advanced Web Application Testing: Perform thorough assessments of web applications, identifying vulnerabilities like SQL injection, XSS, CSRF, etc.

• Scenario-Based Attack Simulations: Design and implement complex attack scenarios to assess defense mechanisms and response protocols.
• API Security Testing: Evaluate the security of web application APIs, identifying weaknesses and authentication/authorization flaws.
• Active Directory Assessment: Test the security of the Active Directory environment, identifying privilege escalation opportunities.
• Mobile Application Security: Collaborate with mobile app testers to evaluate the security of web-service interactions.

What You Will Need to Have:

• Bachelors degree in computer science, Information Security, or related field.
• 10+ years of experience in cybersecurity, with a strong focus on web application security and penetration testing.
• Previous experience in managing penetration testing teams and project management.
• Strong process & tools knowledge to integrate security tools into development, CI/CD pipeline
• Certifications: CISSP (Certified Information Systems Security Professional), OSCP (Offensive Security Certified Professional), GWAPT (GIAC Web Application Penetration Tester), CPENT (Certified Penetration Tester) or equivalent certifications are highly desirable.
• Proficient in web application vulnerabilities, testing tools, and methodologies.
• Knowledge of security standards, compliance frameworks, and industry best practices.
• Strong communication, problem-solving, and leadership skills.

What Would Be Great to Have:

• Knowledge of various open security tools such as proxies, fuzzers.
• Prove ability to mobilize & motivate teams, set direction & approach , resolve conflicts , deliver tough msg with grace.