Senior Penetration Testing Engineer

Position Summary... What you'll do... About Team: The Information Security team has the herculean task of assuring that customers can safely shop with peace of mind knowing their data and information will be safe and secure. Solving some of the most unique cyber security problems in the industry, our team members share an elevated level of creativity and ingenuity to secure data for the largest retail operation in the world. Walmart continues to grow an elite Information Security team. We are part of Security Testing and Analysis team in Information Security division of Walmart. Our Application Pentest Team comprises of some of the best beautiful minds, and they possess highly skilled Pentesting acumen. We have a huge responsibility to cover the security testing of all Walmart Products and Solutions across the globe. We are responsible for Application Penetration Testing, which includes – APIs, Web, Mobile, Network etc for all non-PCI, PCI, HIPAA, GDPR and other environments. We are seeking a talented individual to assist us in the following areas: What you'll do : Develop exploits and customized proof of concepts for diverse targets and tech stacks. Develop and utilize advanced tools for penetration testing and exploiting vulnerabilities. Research, learn, and continuously improve skills to emulate attacker tactics, techniques, and procedures Influence technical and business strategies by articulating technical risk associated with key business solutions Provide security and vulnerability remediation expertise to technology stakeholders and partners Continuously improving the Pentest methods an checklist. Adopt automation on Pentest suites for improved efficiency. Mentor and share knowledge with other security practitioners and technology stakeholders Assist in the implementation of advanced security technology solutions by conducting feasibility studies, proof of concept, product comparison, and/or optimization analyses; participating in project artifact and technical reviews; challenging suppliers to improve technology; and researching technology and software development for secure information technology solutions. Maintain and advances security expertise by reviewing new technologies; maintaining knowledge of current security standards (for example, NIST 800-53, ISO27001, Cloud Security Alliance); participating in continuing education and training (for example, relevant industry certifications, forums); and maintaining expert level knowledge of enterprise technologies. What you'll bring: 7 years Information Security experience 5 years expert experience executing penetration testing/ethical hacking against IoT, embedded systems, cloud-based technologies, mobile, hardware, APIs, web applications Advanced-level experience security testing in dynamic enterprise cloud environments Strong technical knowledge around web application security: ability to identify and reproduce reported vulnerabilities, as well as assess contextual risk. In-depth knowledge of security fundamentals, including OWASP Top 10 and other common application security vulnerabilities. The Web Application Hacker’s Handbook is a great resource to be familiar with. Possess one or more of these credentials: OSCP, OSWE, GXPN, GWAPT, GPEN (preferred but not required) Experienced with severity ratings systems, and ability to calculate CVSS ratings for identified vulnerabilities based on an understanding of each customer’s threat model. Familiar with vulnerability disclosure and bounty programs, including: confidentiality and disclosure processes, the importance of clear and quick communication between hackers and customers, program policies, etc. Ability to prioritize and organize operationally complex work, with great attention to detail. Strong ability to identify and exploit security gaps/vulnerabilities on endpoint devices, applications and networks. Exposure and understanding of enterprise solutions from a functional and security perspective. Preferred development skills (be able to understand the issue from a dev perspective and discuss fix with dev teams). Top notch communication skills: need to be able to firmly, yet politely, respond to non-issues, as well as identify legitimate issues and communicate them to security teams in an easy to understand format. And ability to articulate and translate security and risk management terminology in business terms. About Walmart Global Tech From entry-level to executive positions, Walmart provides limitless opportunities for growth, and career development. Walmart started small, with a single discount store and the simple philosophy of selling more for less. Today, we are a growing technology-enabled company founded on the same values as our first store. We establish clear expectations, empower associates to manage their work, and hold ourselves and one another to a high standard. Walmart's scale enables us to have an. No other company has the reach of Walmart, with 2.3 million associates worldwide and over 230 million weekly customers. Walmart is reshaping retail by investing in an expanding workforce. While technology is at the heart of our digital transformation, people are the reason we succeed and the force behind our innovations. We train our team in the skillsets of the future and bring in experts like you to help us grow. Flexible, hybrid work We use a hybrid way of working with primary in office presence coupled with an optimal mix of virtual presence. We use our campuses to collaborate and be together in person, as business needs require and for development and networking opportunities. This approach helps us make quicker decisions, remove location barriers across our global team, be more flexible in our personal lives.. Benefits: Beyond our great compensation package, you can receive incentive awards for your performance. Other great perks include a host of best-in-class benefits maternity and parental leave, PTO, health benefits, and much more. Equal Opportunity Employer: Walmart, Inc. is an Equal Opportunity Employer – By Choice. We believe we are best equipped to help our associates, customers and the communities we serve live better when we really know them. That means understanding, respecting and valuing diversity- unique styles, experiences, identities, ideas and opinions – while being inclusive of all people. Minimum Qualifications... Outlined below are the required minimum qualifications for this position. If none are listed, there are no minimum qualifications. Option 1: Bachelor's degree in computer science, information technology, engineering, information systems, cybersecurity, or related area and 3 years’ experience in penetration testing or related area at a technology, retail, or data-driven company. Option 2: 5 years’ experience in penetration testing or related area at a technology, retail, or data-driven company. Preferred Qualifications... Outlined below are the optional preferred qualifications for this position. If none are listed, there are no preferred qualifications. Certifications in Security , Network , GISF, GSEC, CISSP, CCSP, or GPEN., Master’s degree in computer science, information technology, engineering, information systems, cybersecurity, or related area and 1 year’s experience leading information security or cybersecurity projects. Primary Location... G, 1, 3, 4, 5 Floor, Building 11, SEZ, Cessna Business Park, Kadubeesanahalli Village, Varthur Hobli , India About Walmart: Fifty years ago, Sam Walton started a single mom-and-pop shop and transformed it into the world's biggest retailer. Since those founding days, one thing has remained consistent: our commitment to helping our customers save money so they can live better. Today, we're reinventing the shopping experience and our associates are at the heart of it. You'll play a crucial role in shaping the future of retail, improving millions of lives around the world. This is that place where your passions meet purpose. Join our family and create a career you're proud of.