Job Description :

We’re looking for an Associate IT Security Engineer to help us push the boundaries of what education can offer through the power of technology. Education is our passion, and our team members bring that to work each day as they aim to advance learning in every region of the world. Blackboard is the world’s leading education technology company, providing dynamic products and services to the global education community. We’re focused on driving innovation in EdTech and working with our clients to create a smarter learning environment.   

As a member of our Information (or Application) Security team, you’ll work closely with development teams, product managers (PM), Site Reliability Engineers, and third-party groups (including the paid bug bounty program) to ensure that Blackboard products are secure.

Responsibilities :

• Performing Web Application, API, and Mobile Security Testing using both Manual and Automated Penetration Testing Methodologies
• Proactively identifying potential vulnerabilities through manual testing
• Supporting the bug bounty program by reviewing incoming vulnerability reports and reproduce issues, assessing the severity and impact
• Performing automated scan scenarios to ensure coverage of dynamic functionalities
• An Associate IT Security Engineer should be learning and developing secondary expertise in Blue Team activities other than regular Red Team activity
• Performing automation via code development and scripting
• Identifying remediation strategies and supporting implementation for vulnerabilities in products
• Staying abreast of newer trends in tools and technologies used for web application security

Required Qualifications:

• Experience in Cloud, Application or Mobile Security Domain
• Experience performing penetration testing as per OWASP Top 10, SANS Top 25, WASC, NIST and SANS Security Guidelines
• Knowledge of current information security threats
• Understanding of coding best practices and standards
• Knowledge of application development processes and at least one programming or scripting language

Required Qualifications:

• Hands-on experience with testing frameworks in line with Web Applications, Mobile Applications, Web Services/APIs, Thick-client, Network and Cloud (AWS preferred)
• Experience in both commercial and open-source tools like Burp Professional, Nmap, Kali, Metasploit, Fortify on Demand, etc.
• Experience in preparing a security threat model and associated test plans
• Good written and oral communication skills
• Critical thinking and problem-solving abilities
• Organized planning and time management skills
• Bachelor’s degree
• Certification on CEH (Certified Ethical Hacker) or OSCP (Offensive Security Certified Professional)