Sr. Web Application Penetration Tester

Senior Security Engineer - IS07FE

We're determined to make a difference and are proud to be an insurance company that goes well beyond coverages and policies. Working here means having every opportunity to achieve your goals - and to help others accomplish theirs, too. Join our team as we help shape the future.

The Hartford's Information Protection (THIP) organization is looking for a talented individual to join a high-performing team of Application Security Engineers responsible for governing, managing and delivering our company's application cybersecurity defenses. As a Senior Web Application Penetration Tester, you will have an opportunity to shape the direction of our company's application penetration testing program by providing thought leadership, professional support, and valued contributions to our growing range of penetration testing activities. This role provides the right person with the opportunity to use their skills and expertise to drive meaningful improvements into the security posture of all application portfolios across our company.

• Plan and perform penetration tests on applications spanning all enterprise lines of business and portfolios
• Document findings and recommend remediation strategies
• Collaborate with application teams to ensure vulnerabilities are addressed effectively
• Develop exploits to demonstrate the potential impact of a successful attack
• Participate in broader attack simulation activities assessing systems including infrastructure, network, cloud, and IoT services
• Stay up to date with the latest technologies, testing methodologies, tools, security trends and threats

• 5+ years' experience assessing vulnerabilities across a large enterprise application portfolio
• 3+ years' experience performing application penetration testing to cover a broad range of enterprise web and mobile applications
• Strong understanding of web and mobile architectures and technologies including Single Page Applications (SPA), Multi-Page Applications (MPA), APIs, OAuth 2.0, JavaScript, Java and .NET frameworks
• Comprehensive knowledge of web and mobile application security vulnerabilities including OWASP Web Application, API and Mobile Top 10 lists
• Ability to effectively extend testing scope to include infrastructure, network, cloud and IoT services
• Strong reporting and communication skills
• Strong commitment to legal and ethical standards and behaviors
• Bachelor's degree from an accredited college or university in computer science, information security, or related field
• Certifications such as Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP) or Offensive Security Web Expert (OSWE) are highly desirable and preferred