Spok is looking for a security test engineer to join our growing team in “greenfield” development. We are looking for someone who has a passion for world-class software development, has a deep understanding of offensive security techniques and information security practices, and has knowledge across a wide range of technology stacks. This person will join us in caring about the customers who trust Spok to protect and secure their data. In this position you will be a key member of the team in communicating potential targets, security weaknesses, exploits, and vulnerabilities to our business and technical teams using both technical and non-technical terms that the business understands.
You might be a good fit if you enjoy learning new things, thinking outside the box and have an innate curiosity about how things work and how to solve problems.
Essential Duties and Responsibilities:
Define security testing approach and plan by working closely with architects and developers to ensure appropriate artifacts are built into test plans
Test and verify software security in compliance with technical reference architecture
Configure, run and monitor automated security testing tools
Analyze security test results, draw conclusions from results and develop targeted testing as deemed necessary
Troubleshoot and communicate issues that arise
Perform security research, analysis, and testing via threat modeling, vulnerability assessment, source code analysis, penetration testing, and/or social engineering across different applications, platforms and systems
Clearly outline and document risk impacts of test findings in reports
Present findings to bring all stakeholders to a common understanding of the security issues, the risks, their impact and the remediation plan
Revise documents as tactics and techniques evolve to address new and emergent threats and trends
Educate our product teams on security best practices
Provide guidance on different areas of security technology, including: network security, platform security, authentication/authorization systems, application security, policy enforcement, and security frameworks
Proactively protect the integrity, confidentiality, and availability of information processed by and/or in the custody of the organization
Bachelor's degree from a four-year college or university in Computer Science or Information Technology or a related field; or equivalent combination of education and experience.
5-7 years of hands-on security testing or development experience
Must demonstrate passion for identifying and exploiting vulnerabilities
Knowledge of open source security testing standards and projects, including OWASP
Understanding of cloud computing models, technologies and concepts
Proven experience working with modern penetration testing tools and methods
Experience with Network, Application, Web, Mobile, Cloud, Social Engineering pen testing concepts
Experience using scripting languages (Ruby, Perl, Python, PHP, etc.)
Experience using C++, Java, C#
Excellent documentation and reporting skills
Industry savvy, with the ability to work independently or as part of a dynamic collaborative team
Recognized industry certifications in penetration testing preferred (e.g., CEH, GPEN, OSCP, CEPT or CISSP)
Prior experience with security audits/reviews, vulnerability assessment and risk assessment
Experience with AWS or Azure environments, DevOps, and automation
Experience with Docker or other container technologies
Experience working in an agile environment
Clinical/Healthcare experience is a plus
Spok, Inc., a wholly owned subsidiary of Spok Holdings, Inc. (NASDAQ: SPOK), headquartered in Springfield, Va., is proud to be the global leader in healthcare communications. We deliver clinical information to care teams when and where it matters most to improve patient outcomes. Top hospitals rely on the Spok Care Connect® platform to enhance workflows for clinicians, support administrative compliance, and provide a better experience for patients. Our customers send over 100 million messages each month through their Spok® solutions. When seconds count, count on Spok. For more information, visit spok.com or follow @spoktweets on Twitter.