Security Operations Engineer - Security Testing

The Role

As a Security Operations Engineer, you will analyze software designs and implementations from a security perspective and identify and propose resolutions to security issues. 

You will include the appropriate security analysis, tooling and techniques to uncover InfoSec vulnerabilities, both static and dynamically, in our software solution. 

Responsibilities Include:

• Build effective relations and engage in business security activities like vulnerabilities assessment, engage in third party penetration tests, DAST, SAST, security testing.
• Work with development and internal IT teams to ensure compliance to WTW security standards. 
• Manage and oversee ad hoc projects related to enhancing information and data security controls for business to meet compliance.
• Implement, test and operate advanced software security tools and techniques. Maintain technical documentation.
• Collaborate with other development teams to ensure that Security Testing activities provide the highest benefits. Help security/infosec move towards left in the SDLC.

The Requirements

• Proficient understanding of all aspects of information security principles, policy and its application in business and technology areas (at least 2 years of experience).
• 2+ years prior hands-on experience in a Security Engineer/Security Tester/Security Operations role. 
• Experienced in security testing and understanding of information security concepts for cloud-based applications. 
• Experience working in cross-functional virtual teams
• Effective communication and documentation skills
• Experience with client or internal stakeholder communication with respect to security assessments, controls, supporting client audit activities, third party penetration test etc.
• Client focus: ability to engage positively with WTW clients and business stakeholders. 
• Proficient in the use of security testing tools for SAST, DAST, SCA, security testing etc. (eg. – Invicti, Mend, SNYK, Checkmarx, CredScan, Burp Suite, OWASP ZAP, Qualys, etc.)
• Interest in all aspects of security research and development and assist in recommending testing tools for the team.
• Bachelor’s Degree in Computer Science, Engineering, Information Systems, or related field; 
• Experience with testing products and/or development in any of the following technologies: C#, SQL, Angular, jQuery, web services or similar.
• Knowledge on or exposure to compliance regulations like NYDFS, DORA, HIPAA etc. is good to have.