We are looking for a Security Testing Engineerto join our dynamic team.

This role will be responsible for conducting security tests within the Quality Assurance team. This position involves planning and conducting security testing of all applications as part of quality assurance as well as advising teams on security controls that need to be implemented.

The role requires the tester to be able to learn new technologies “on-the-fly" to be able to perform an in-depth analysis of the security posture of many different applications. The tester will also be tasked with using custom and automated software for various engagements.

The candidate will produce detailed reports of their findings along with guidance for remediation and will be responsible for delivering those findings to subject matter experts as well as other teams.

• Provide assurance through collaboration with other stakeholders that applications, APIs, websites and mobile applications meet the security requirements before they are deployed to production.
  
• Perform security tests on applications, APIs, websites and mobile applications.
  
• Pinpoint methods and entry points that attackers may use to exploit vulnerabilities or weaknesses.
  
• Search for weaknesses in common software, web applications, mobile applications and proprietary systems before they are discovered by hackers.
  
• Research, evaluate, document and discuss findings with IT teams and management.
  
• Review and provide feedback for information security fixes.
  
• Stay updated on the latest malware and security threats.

Essential:

• Bachelor’s Degree in Computer Science, Information Systems or other related field, or equivalent work experience
• Certification in Cybersecurity

Desirable:

• Additional course or certification in Quality Engineering
• Certification in Ethical Hacking, Vulnerability or other aspects of IT security testing such as CEH or equivalent.

• Basic programming skills required (basic knowledge of common programming languages used for application development).
  
• Knowledge of API security testing and API frameworks.
  
• In-depth knowledge of vulnerability testing/security assessment tools used.
  
• In-depth knowledge of open-source security testing tools and security testing frameworks.
  
• Unix and Linux knowledge required.
  
• Ability to “think like the enemy” in order to combat the full range of techniques and strategies that hackers might employ, or even anticipate new ones.
  
• Comprehensive knowledge of computer security, systems analysis and more.
  
• Insight into how hackers exploit the human element to gain unauthorized access to secure systems.
  
• A clear understanding of how computer security breaches can disrupt business, including the financial and managerial implications.
  
• Exceptional problem-solving skills.
  
• Strong analytical skills, able to leverage complex data to identify opportunities, recognize problems, and draw logical conclusions.
  
• Communication and documentation skills to compile reports to document and share your findings.

• 3 to 5 years of experience in general cybersecurity
• 2 years of hands-on experience in vulnerability assessments.
  
• Experience in performing security assessments in Cloud environments (AWS, Azure, Google).
  
• Understanding of defensive controls and how to bypass/evade them.
  
• Experience in using and customizing commercial and open-source security assessment and security testing tools such as Metasploit and Burp Suite.
  
• Experience in one or more computer programming and scripting languages with the ability to create or customize tools as needed.
  
• Experience with open security testing standards and projects such as OWASP and SANS Top 25.
  
• Experience with API, web and mobile application or systems testing is required.
  
• Familiarity with the following:
  ○ Database, cloud, and web security testing.
  ○ Secure web and application development practices.
  ○ Analyzing and debugging API frameworks.
  
• Experience in manual and automated vulnerability scanning and security testing.
  
• Understanding of web-based security vulnerabilities, ability to identify and exploit them (e.g. XSS, CSRF, session management issues, etc.)
  

Desirable but not required:

• Experience in mobile (iOS/Android) application security assessments.
  
• Experience in Internet of Things (IoT) security.
  
• Experience in Bug Bounty programs.

• Must speak, read and write fluent Norwegian
• Norwegian citizenship 
• Applicants must be based in Oslo or within travelling distance to Oslo

Life at Expleo

Balance is a big deal here. Balance is what our people expect in their working lives. We’ll give you the freedom to make your mark with your work, whilst enjoying your wider interests too. That’s the winning formula.

Professional Development

Expleo enables you to acquire and develop the right skills by providing access to the Expleo Academy which hosts a suite of accredited training courses. At Expleo, whatever your skill-set or your background, you will find a global community of like-minded individuals that share a love for technology and the eagerness to discover new ways. Whatever your career stage, you can expect opportunities to grow your expertise and convert your talent into meaningful impact.

Environment and Technology

Expleo is proud to announce that we have moved to a new office based in the Oslo City Centre. We place huge value on the exceptional talent and problem-solving ability of our people. As a business we believe in collaboration, trust and transparency which contributes to an enjoyable working atmosphere. We offer a chance to get involved with inspiring technology focused projects and personal development in new and emerging technologies such as RPA, AI and Automation.

Agile Focus

Expleo Norway is currently building an expert team in Agile Organizations to help our clients on a digital and agile transformation journey and are looking for people who would like to be a part of building an awesome team of experts! Our projects will be primarily focused on helping organizations deliver major change and adopt agile ways of working to achieve strategic goals more quickly and effectively.

Benefits

You will get 5 weeks of vacation, a competitive Pension and Insurance program with additional Health insurance programs. Additional benefits include a cell phone, computer and a supported lunch offering for the canteen on-site and a competitive salary package.