Sr Penetration Tester

Posted 14 Hours Ago
Be an Early Applicant
Mexico City, Cuauhtémoc, Mexico City
Senior level
Software • Energy
The Role
The Senior Application Penetration Tester will lead penetration testing efforts, focusing on enhancing application security through testing, validation, and reporting. Responsibilities include executing security assessments, monitoring emerging threats, and supporting the Secure Development Lifecycle. The role requires collaboration with development teams to remediate vulnerabilities and implement best practices in security design and architecture.
Summary Generated by Built In

The driving force behind our success has always been the people of AspenTech. What drives us, is our aspiration, our desire and ambition to keep pushing the envelope, overcoming any hurdle, challenging the status quo to continually find a better way. You will experience these qualities of passion, pride and aspiration in many ways — from a rich set of career development programs to support of community service projects to social events that foster fun and relationship building across our global community.

The RoleThe Senior Application Penetration Tester will enhance our vigilant protection of applications by performing penetration test to validate product resiliency against emerging threats. This role will assist in prioritization, pen test planning, execution, reporting, findings remediation tracking and support developer remediation. Penetration testing will help validate security requirements, designs and controls across desktop application, web application and cloud applications.
The key objective is to drive Application Penetration Testing during the Secure Development Lifecyle. Key security practices which are part of the Secure Development Lifecycle include: Product Security Requirements, Risk Assessments, Threat Intelligence, Threat Models, Secure Architecture/Design Reviews, security scanner triage, vulnerability management, product security emergency response support and support the Security Champion Program.
Under the direction of the VP of Product Security this role is a key member for day-to-day operations of Product Security at Aspen Technology. This role will be a thought leader to help provide actionable findings, reproduce vulnerabilities, provide best practices to development teams, and provide support to strategic security initiatives.

Your Impact

  • Drive Application Security Pen Test planning, execution, reporting, findings remediation tracking and support developer remediation. Penetration testing will help validate security requirements, designs and controls across desktop application, web application and cloud applications.
  • Drive Application Security penetration testing across the AspenTech Product Portfolio. Provide actionable reports which teams can leverage for improving our application security posture.
  • Monitor emerging attacks, threat actors, attacker methods (tools, tactics, techniques, and procedures), security best practices, and common application weaknesses.
  • Responsible for supporting the design, implementation, oversight of Product Secure Development Lifecycle. Including aspects such as security requirements, secure architecture/design, risk assessments, threat models, security scanning, triage and vulnerability management, and product security validation/verification.
  • Maintains a deep understanding of current issues in the realm of information security. Subscribes to major industry newsgroups and mailing lists and assess the impact of all emerging issues on systems and practices at Aspen Technology.
  • Monitors security bulletins and alerts from all Aspen Technology’s information system vendors. Evaluates vulnerability impact and formulates and executes risk mitigation plans for product security.
  • Ability to assess security and potentially leverage Machine Learning and AI solutions. This may include OWAS Top 10 LLM, MITRE ATLAS, or Threat Modeling of ML/AI solutions. Where appropriate recommend opportunities to leverage AI in the Product Security Department.
  • Member of the AspenTech Security Emergency Response Team (ASERT) providing expert analysis of security customer reported security incidents. Works with information resource owners during and after security incidents; work with product teams for analysis; recommends best practices and solutions. Where appropriate, works with product teams, technology teams, client support and customer contacts.
  • Occasional after hours and weekend work to perform tasks that cannot be done during business hours.

What You'll Need

  • Bachelor’s degree (B.A./B.S.) or equivalent in computer science or technical equivalent discipline from an accredited college or university required.
  • 8+ years of experience in IT required.
  • 6+ years of experience in an information security role or experience with security and development teams. Relevant information security certifications preferred, including CISSP, CISM, CISA, CCSP, CSSL, CEH, Security+ and GPEN.
  • Experience performing black/white/gray box penetration testing activities manually and leveraging automation tools.
  • Ability to drive security Application Penetration Testing for applications on desktop, web deployments and cloud environments. This includes API’s across various technology stacks, including emphasis in cloud based testing methodologies.
  • Ability to manage penetration testing end to end. This includes assisting in the prioritization, pen test plan development, Pen test execution, pen test reporting, and pen test remediation treatment tracking.
  • Ensure security requirements are implemented within various stages of the system development lifecycle process; work closely with development teams to pen test new features within internally developed application as part of our secure development lifecycle. This could also include security integration testing across applications or with 3rd party technologies.
  • Assist in the cultural awareness/adoption on application security best practices, metrics, and strategy where possible.
  • Experience with Penetration Testing, Application/Product Security, Risk Assessments, Threat Models, Secure Architecture/Design, Security Scanning. (SAST, DAST, SCA, cloud security configuration scanning).
  • Experience with cloud solutions such as Azure and AWS - Experience with security policy, procedures, tools, services, and cloud security models.
  • Preferable exposure to the following: ISA 62443-4-1, NIST 800-53, ISO 27001, ISO 27002, ISO 27017, Cloud Security Alliance (CSA), Cybersecurity and Infrastructure Security Agency (CISA), SANs, OWASP, CWE 25.
  • Desired domain knowledge and/or certification: CISSP, CCSP, CSSLP, CEH, SANS GIAC, GCPN, GPEN, OSCP.

Top Skills

Penetration Testing
The Company
HQ: Bedford, MA
2,466 Employees
On-site Workplace

What We Do

AspenTech is a global leader in asset optimization software helping the world’s leading industrial companies run their operations more safely, efficiently and reliably – enabling innovation while reducing waste and impact on the environment. AspenTech software accelerates and maximizes value gained from digital transformation initiatives with a holistic approach to the asset lifecycle and supply chain.

By introducing effective AI modeling to traditional principles of process engineering, AspenTech delivers a faster and more accurate analysis of efficiency and performance boundaries. The real-time data and actionable insights delivered by our software help customers push the boundaries of what’s possible.

Similar Jobs

Warner Bros. Discovery Logo Warner Bros. Discovery

Contract Administrator, Syndication

Artificial Intelligence • Digital Media • Gaming • Machine Learning • News + Entertainment • Software
Hybrid
Mexico City, Cuauhtémoc, Mexico City, MEX
40000 Employees

Warner Bros. Discovery Logo Warner Bros. Discovery

Senior, SAP Basis System Administrator

Artificial Intelligence • Digital Media • Gaming • Machine Learning • News + Entertainment • Software
Hybrid
Mexico City, Cuauhtémoc, Mexico City, MEX
40000 Employees

Warner Bros. Discovery Logo Warner Bros. Discovery

Sr. Administrator, SAP Business Objects

Artificial Intelligence • Digital Media • Gaming • Machine Learning • News + Entertainment • Software
Hybrid
Mexico City, Cuauhtémoc, Mexico City, MEX
40000 Employees

Warner Bros. Discovery Logo Warner Bros. Discovery

Sr. Administrator, SAP Business Objects

Artificial Intelligence • Digital Media • Gaming • Machine Learning • News + Entertainment • Software
Hybrid
Mexico City, Cuauhtémoc, Mexico City, MEX
40000 Employees

Similar Companies Hiring

bet365 Thumbnail
Software • Gaming • eSports • Digital Media • Automation
Denver, Colorado
6100 Employees
Jobba Trade Technologies, Inc. Thumbnail
Software • Professional Services • Productivity • Information Technology • Cloud
Chicago, IL
45 Employees
InCommodities Thumbnail
Renewable Energy • Machine Learning • Information Technology • Energy • Automation • Analytics
Austin, TX
234 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account