Penetration Testing

BMC Software is looking for a motivated and skilled individual to join the Product Security Group. This is a senior technical position in the team. The candidate will be responsible for engaging with various product teams on security architecture reviews, SaaS security, penetration testing.

A penetration tester plays a crucial role in safeguarding an organization's digital assets and information by proactively identifying and addressing security weaknesses. This role requires a high level of technical expertise, ethical conduct, and a commitment to continuous improvement in the field of cybersecurity.

Roles and Responsibilities:

• Conduct thorough vulnerability assessments of applications and systems using various tools and techniques.
• Execute penetration tests to simulate real-world cyberattacks, identifying weaknesses and vulnerabilities.
• Provide expert guidance on application security best practices.
• Research and develop new penetration testing methodologies, tools, and techniques.

Qualifications & Skills:

• 2+ years of experience in product security (web, mobile, API, cloud, infrastructure, and container security) or equivalent skillset.
• Penetration testing experience is essential; prior participation in bug bounty programs is a plus.
• Proficiency with hacking tools and penetration testing frameworks (e.g., Metasploit, Burp Suite, Nmap, Wireshark).
• Expertise in web application security testing, including knowledge of OWASP Top Ten vulnerabilities.
• Experience identifying and assessing vulnerabilities such as SQL injection, XSS, CSRF, and more.
• Proficiency in exploiting vulnerabilities to gain unauthorized access and assess attack impact.
• Understanding of vulnerability scoring systems (e.g., CVSS) for prioritizing findings.
• Ability to think creatively and analytically to identify and exploit vulnerabilities.
• Strong problem-solving skills when encountering unexpected challenges during testing.
• Excellent verbal and written communication skills for conveying technical details to both technical and non-technical stakeholders.
• Meticulous attention to detail in documenting findings and creating reports.
• Effective time management skills to meet project deadlines and testing schedules.
• High level of integrity and professionalism, with the ability to work under pressure while maintaining confidentiality.

Preferred Skills:

• Hands-on technical experience with cloud security solutions for leading cloud service providers (e.g., AWS).
• Experience with secure code review (SAST) tools for languages such as C/C++, Java, and Python, and relevant frameworks.