The driving force behind our success has always been the people of AspenTech. What drives us, is our aspiration, our desire and ambition to keep pushing the envelope, overcoming any hurdle, challenging the status quo to continually find a better way. You will experience these qualities of passion, pride and aspiration in many ways — from a rich set of career development programs to support of community service projects to social events that foster fun and relationship building across our global community.
The Role
The Senior Application Penetration Tester will enhance our vigilant protection of applications by performing penetration tests to validate product resiliency against emerging threats. This role will assist in prioritization, pen test planning, execution, reporting, findings remediation tracking, and support developer remediation. Penetration testing will help validate security requirements, designs, and controls across desktop applications, web applications, and cloud applications.
The key objective is to drive Application Penetration Testing during the Secure Development Lifecycle. Key security practices which are part of the Secure Development Lifecycle include: Product Security Requirements, Risk Assessments, Threat Intelligence, Threat Models, Secure Architecture/Design Reviews, security scanner triage, vulnerability management, product security emergency response support, and support for the Security Champion Program.
Under the direction of the VP of Product Security, this role is a key member for day-to-day operations of Product Security at Aspen Technology. This role will be a thought leader to help provide actionable findings, reproduce vulnerabilities, provide best practices to development teams, and provide support to strategic security initiatives.
Your Impact
Drive Application Security Pen Test planning, execution, reporting, findings remediation tracking, and support developer remediation.
Drive Application Security penetration testing across the AspenTech Product Portfolio.
Monitor emerging attacks, threat actors, and common application weaknesses.
Responsible for supporting the design, implementation, and oversight of Product Secure Development Lifecycle.
Maintain a deep understanding of current issues in the realm of information security.
Monitor security bulletins and alerts from all Aspen Technology's information system vendors.
Ability to assess security and potentially leverage Machine Learning and AI solutions.
Member of the AspenTech Security Emergency Response Team (ASERT) providing expert analysis of security incidents.
Occasional after hours and weekend work to perform tasks that cannot be done during business hours.
What You'll Need
Bachelor's degree (B.A./B.S.) or equivalent in computer science or technical equivalent discipline from an accredited college or university required.
8+ years of experience in IT required.
6+ years of experience in an information security role or experience with security and development teams.
Experience performing black/white/gray box penetration testing activities.
Ability to drive security Application Penetration Testing for applications on desktop, web deployments, and cloud environments.
Ability to manage penetration testing end to end.
Ensure security requirements are implemented within various stages of the system development lifecycle process.
Assist in the cultural awareness/adoption of application security best practices.
Experience with Penetration Testing, Application/Product Security, Risk Assessments, Threat Models, Secure Architecture/Design.
Experience with cloud solutions such as Azure and AWS.
Preferable exposure to ISA 62443-4-1, NIST 800-53, ISO 27001, ISO 27002, ISO 27017, Cloud Security Alliance (CSA).
Desired domain knowledge and/or certification: CISSP, CCSP, CSSLP, CEH, SANS GIAC, GCPN, GPEN, OSCP.
#J-18808-Ljbffr