As the CISO Penetration Tester, you play a critical role in ensuring that Credit Suisse enhances the business value of internal applications through increased security and compliance with regulatory requirements by providing application security assessment services to internal clients globally, helping them to understand IT risk exposure in their area. A superb opportunity as the CISO Penetration Tester, you will be responsible for application security testing, which includes but is not limited to:

• Conduct manual penetration tests on applications to identify the vulnerabilities in different categories like input and data validation, integration, authentication, authorization, data access, session management, error handling, logging, encryption, and confidentiality
• Conduct Dynamic and Static Application Security Testing (SAST & DAST)
• Fine-tune SAST/DAST tools and processes according to policies
• Manual code reviews to find logic flaw which are not identify by automated tools
• Scope, schedule, and prioritize SAST/DAST assessments
• Providing details of the issues identified and the remediation plan to key partners
• Communicating and coordinating daily project activities within the project team and assure that priorities are developed and known
• Build penetration test and vulnerability assessment reports detailing exposures that were identified, rate the severity of the findings, and suggestions to mitigate any exposures and testing known vulnerabilities
• Training the development team on vulnerabilities, review issues, ease of exploitation, impact, security requirements and remedies for individual issues
• Update with the new hackings and latest vulnerabilities to ensure no such loopholes are present in the existing system by performing vulnerability assessment and pen testing for applications
• Architect, design, implement and run application security technologies, tools, and processes
• Integrate application security technologies into CI/CD pipelines for on premise and Cloud-native application development practices
• Continually improve application security assessment processes to keep up with the industry standard methodologies
• Pen-test service provider management (Oversight)

Your future colleague

The Chief Information Security Office (CISO) team is part of the first line of defense within Credit Suisse, whose mission is to ensure IT control objectives are set, efficiency is measured, and residual risks are handled. The CISO team operates globally, and you will support global initiatives. If you are an Application Security geek, who is looking for challenging career prospects, then apply and ignite your career by joining Credit Suisse! Become a Penetration Test Team member and be a part of exciting journey, driving bank-wide Cyber Security Strategy. We are a department which values Diversity and Inclusion (D&I) and is committed to realizing the firm's D&I ambition which is an integral part of our global cultural value

Your skills and experience

We are looking for an outstanding applicant who wants to grow a successful career in Application Security and wants to be a part of the ambitious & highly focused team.

Applicants must possess a Bachelor of Science degree - Information Technology, Cyber Security, Computer Science with an equivalent experience of 5-8 years' in Information / Cyber Security or Software development

• Proven experience of 10 + years' in Information Technology along with minimum of 3 years of coding experience
• Over 5-year experience pen testing financial applications regulated by banking regulations, and holding industry certifications like CREST, Offensive Security, SANS Institute
• Skilled in performing both manual and automated security testing for web, desktop, and mobile applications
• Expert at implementing and running SAST and DAST tools
• Worked with tools like HP Fortify, Checkmarks, Veracode, Burp Suite, Netsparker, Contrast as part of the penetration testing, on daily basis to complete the assessments
• Proficient in understanding application level vulnerabilities like XSS, SQL Injection, CSRF, authentication bypass, cryptographic attacks, authentication flaws etc
• Detailed understanding of OWASP, SANS, PTES frameworks and common vulnerabilities and attack vectors
• Detailed understanding of the Secure Software Development Lifecycle and Cloud Security as it applies to AWS, Azure, GCP
• Robust software development and architecture skills
• Good teammate with excellent analytical, inter-personal, communication and written skills, problem-solving and trouble-shooting capabilities. Highly motivated and can adapt to work in any new environment
• Dedication to fostering an inclusive culture and value varied perspectives.