PENTEST ANALYST

We’re the obstacle overcomers, the problem get-arounders. From figuring it out to getting it done…our innovative culture demands “yes and how!” We are UPS.  We are the United Problem Solvers.

ABOUT INFORMATION SECURITY AT UPS TECHNOLOGY: Our top-notch Information Security team quickly finds and responds to real time threats. These critical-thinkers have a hunger to keep ahead of new exploits and security trends. They protect the vast trove of valuable data that passes through our servers each day. As a part of UPS InfoSec, you’ll continue to uphold our reputation for integrity in this growing and ever-changing field.

ABOUT THIS ROLE:

The PENTEST ANALYST participates in methodical processes designed to perform advance security assessments (i.e., blackbox, greybox, and whitebox assessments) that include footprinting/information reconnaissance and employing detection avoidance during exploitation to provide undetected compromise of enterprise information systems. They'll perform assessments to validate existing defense in depth methods, identify security gaps and document solutions for missing security controls.  This position follows procedures and methodologies prescribed for advance security assessments.  The PENTEST ANALYST performs advanced assessments via vulnerability assessment tools and procedures.  They'll help find gaps, produces findings and communicates "need to know" information to drive resource actions and decisions, provides recommendations and ensures awareness of risk.

DUTIES WILL INCLUDE:

• Supervises the operation and maintenance of the UPS vulnerability assessment program
• Acts as first-level subject matter expert in the domains of application vulnerability assessment and remediation
• Frequently identifies opportunities to improve existing processes
• Proactively identifies gaps in vulnerability assessment coverage and takes action to close gap
• Supervises vendor managed vulnerability assessment service providers
• Identifies opportunities for improvement in vendor supplied and domestic application vulnerability assessment toolsets and manages improvements, defect remediation and enhancements in those products
• Monitors Information Security industry standards to recommend improvements to management
• Responds and assesses application security events and conducts analysis as directed by management
• Assists in the day to day operation of Information Security vulnerability assessment solutions including Trustwave AppScanner, Portswigger Burp-Suite, Qualys and Nessus
• Assists in the investigation of breaches of security to identify system vulnerabilities, to reduce service losses and to facilitate prompt remediation
• Utilizes specialized tools to troubleshoot application security vulnerabilities
• Supports, supervises and/or produces high-level management reports such as Balanced Scorecard
• Off hours work often required

EXPERIENCE / SKILLS:

• Knowledge in identification, assessment and remediation of application vulnerabilities listed in the OWASP Top Ten
• Knowledge in UPS Secure Application Development Standards
• Knowledge in UPS Application Vulnerability Assessment Policy
• Ability to quickly map an identified vulnerabilities to an optimal remediation action
• Ability to perform all phases of web application vulnerability assessment
• Ability to perform all phases of web service vulnerability assessment
• Experience with application vulnerability assessment systems including Portswigger Burp-Suite and Trustwave AppScanner
• Experience with vulnerability management systems including Qualys, Nessus
• 1 to 2 years Information Security experience
• Experience with application and database development
• Knowledge and experience in various application threat vectors
• Strong technical, analytical and troubleshooting skills including ability to analyze a problem/project quickly and accurately
• Strong verbal and written communication skills including technical, group and interpersonal communication
• Effective public speaking and presentation skills
• Ability to maintain confidentiality is required
• Demonstrated ability to work well with other UPS teams to achieve required results
• Organized, methodical, attention to detail and ability to meet and exceed tight deadlines
• Ability to organize, prioritize and multitask concurrent work efforts
• Ability to recognize opportunity for process improvement and suggest action
• Advanced knowledge of data security practices, procedures and standards
• Strong planning, organizational and customer service skills
• Demonstrates ability to take initiative and exercise discretion

PREFERRED QUALIFICATIONS:

• The desired PENTEST ANALYST will possess a degree in Computer Science, Information Systems, Mathematics, Statistics or related field or the equivalent in education, certification and work experience.  Information Security related certification (GSEC, Security+, etc.) a plus.

This position offers an exceptional opportunity to work for a Fortune 50 industry leader. If you are selected, you will join our dynamic technology team in making a difference to our business and customers. Do you think you have what it takes? Prove it! At UPS, ambition knows no time zone.

UPS is an equal opportunity employer. UPS does not discriminate on the basis of race/color/religion/sex/national origin/veteran/disability/age/sexual orientation/gender identity or any other characteristic protected by law

Founded on a $100 loan in 1907, 2 teenage boys opened up a messenger service in a 6 by 17 foot office located just below the sidewalk on Second Avenue and Main Street in Seattle, WA. Messengers ran errands, carried notes, hand baggage, and delivered trays of food for customers. They also delivered packages, traveling by streetcars and bicycles for longer trips, and later using motorcycles.