Senior Application Security Tester
Technology is at the heart of YOOX NET-A-PORTER GROUP and is the driving force behind its success. Our in-house technology team allows The Group to give customers and brand partners the best possible experience across content and commerce, and to continually innovate and lead the online luxury industry.
Role Purpose:
As a Senior Application Security Tester within the Red Team, you'll be responsible for identifying security weaknesses within YNAP's enterprise and e-commerce systems and advising project teams on how to resolve them.
You'll need in-depth technical knowledge of both network and application security testing and of the latest offensive security techniques, plus the ability to communicate issues and risks clearly to a non-technical audience, working well both autonomously and as part of a team.
Key Responsibilities:
Seek out security vulnerabilities and configuration weaknesses within all technologies used across YNAP (Mobile / Infrastructure / Application security testing);
Conduct code review (JS, .NET);
Manage the full life cycle of security tests: prepare, organise, deliver and report;
Collaborate with other teams to ensure a smooth execution of testing activities;
Advise technical teams about security risks, and effective ways to remedy them;
Build strong and productive relationships with members of other teams across the business and between countries;
Provide Information Security advice and guidance to project teams;
Support and advocate for the Security strategy.
Skills & Experience:
Hands-on security testing experience, spanning both infrastructure and application assessments;
Hands-on security testing experience against internal and external facing corporate infrastructures;
Strong knowledge of Windows, Linux and (preferably) macOS security, including formulating best practices;
Understanding of Security architecture both from a penetration testing and design point of view;
Relevant security testing qualifications such as OSCP, GIAC, SANS, CREST, TIGER or equivalent;
Detailed and up-to-date knowledge of threat and vulnerability management techniques and tools;
Good scripting and (preferably) programming knowledge, plus the ability to automate common tasks;
Ability to work autonomously with little or no supervision, and also as an effective team member when required;
Previous experience collaborating with development or systems-administration teams to resolve security issues;
Good report writing skills and the ability to communicate with stakeholders at all levels;
An inquisitive / outside-of-the-box thinking mind-set and passion for security research;
Knowledge of the MITRE ATT&CK framework will be a plus;
Fluent in both English and Italian.