Web Application Penetration Tester II

About NCR Atleos

NCR Atleos, headquartered in Atlanta, is a leader in expanding financial access. Our dedicated 20,000 employees optimize the branch, improve operational efficiency and maximize self-service availability for financial institutions and retailers across the globe.

Title: Web Application Penetration Tester II

Location: Atlanta, GA Hybrid)

*Will consider applicants for Frisco, TX office*

*Must be in office 3 days a week*

Eligibility: Please note that this position is not eligible for Visa sponsorship now or in the future. This restriction applies to all candidates for this position.

Web Application Penetration Tester

We are seeking a highly skilled Penetration Tester with specialized experience in web applications and banking systems. This role involves critical testing on hardware and machines used in banking, including ATMs. Experience with financial institutions is highly desirable.

Key Responsibilities:

• Comprehensive Penetration Testing: Conduct penetration tests across web applications, APIs, mobile devices, and banking hardware, including ATMs.
• Mobile Application Testing: Perform thorough security assessments on mobile applications.
• Hardware and ATM Testing: Execute penetration tests on hardware and installable applications, with a focus on banking machines and ATMs. This includes inspecting Stack installed on in most cases windows-based ATM. Additional testing will include firmware and low-level software on 3rd party hardware used on products.
• Cloud and Code Reviews: Conduct cloud configuration reviews and manual source code reviews in languages such as Java, C, and C++.
• Cloud Security Assessments: Perform security assessments on various cloud infrastructures, including Azure, AWS, GCP, and OCI.
• Exploiting Secure Networks: Utilize expertise in exploiting secure networks and systems to identify vulnerabilities.
• Security Audits: Conduct security audits, network penetration tests, and assessments of web applications, APIs, and cloud environments.
• Reporting: Provide detailed progress reports to development teams, stakeholders, and internal management.
• Travel: Travel up to 25% of the time.

Qualifications:

• Extensive Penetration Testing Experience: Proficient in both automated and manual penetration testing techniques, with a minimum of 3 years of manual web application testing.
• Mobile and API Testing: Demonstrated experience in testing mobile devices and APIs.
• Source Code Review: Skilled in manual source code review in Java, C, C++, or similar languages.
• Certifications: OSCP, GWAPT, GPEN, OSWE, or CEH certifications are strongly preferred.
• Banking Systems Expertise: Prior experience with banking systems and financial institutions is a significant advantage.
• Security Software Knowledge: Stay updated with the latest security software packages, protocols, and computer technologies.
• Network Protocols: Understanding of IP network protocols, sub-netting, routing, switching, etc.
• Tools: Kali Linux, Metaploit, Burp, Postman

Preferred Skills:

• Banking and Financial Security: Deep understanding of security challenges in the banking and financial sector.
• ATM Security: Experience in testing and securing ATMs and other banking hardware.
• Cloud Security: Expertise in conducting security assessments on cloud infrastructures such as Azure, AWS, GCP, and OCI.
• Network Exploitation: Proven ability to exploit secure networks and systems.
• Communication: Strong ability to communicate findings and recommendations effectively to both technical and non-technical stakeholders.

#LI-AD1

#LI-HYBRID

Offers of employment are conditional upon passage of screening criteria applicable to the job.

Full time employee benefits include:

• Medical Insurance

• Dental Insurance

• Life Insurance

• Vision Insurance

• Short/Long Term Disability

• Paid Vacation

• 401k

EEO Statement
NCR Atleos is an equal-opportunity employer. It is NCR Atleos policy to hire, train, promote, and pay associates based on their job-related qualifications, ability, and performance, without regard to race, color, creed, religion, national origin, citizenship status, sex, sexual orientation, gender identity/expression, pregnancy, marital status, age, mental or physical disability, genetic information, medical condition, military or veteran status, or any other factor protected by law.

Statement to Third Party Agencies

To ALL recruitment agencies: NCR Atleos only accepts resumes from agencies on the NCR Atleos preferred supplier list. Please do not forward resumes to our applicant tracking system, NCR Atleos employees, or any NCR Atleos facility. NCR Atleos is not responsible for any fees or charges associated with unsolicited resumes.