HD Supply Security Engineer - Web Application Testing in Atlanta, Georgia
HD Supply (NASDAQ:HDS) (www.hdsupply.com) is one of the largest industrial distributors in North America. The company provides a broad range of products and value-add services to approximately 500,000 customers with leadership positions in maintenance, repair and operations and specialty construction sectors. Through approximately 260 locations across 36 states and six Canadian provinces, the company's approximately 11,000 associates provide localized, customer-driven services including jobsite delivery, will call or direct-ship options, diversified logistics and innovative solutions that contribute to its customers' success. With an active commitment to the communities in which we operate, HD Supply associates are part of a thriving organization that supports the virtues of wellness, diversity and inclusion – all of which are top priorities for the company. Equally as important is empowering our associates to grow professionally while providing competitive benefits and compensation. If you’re ready to find a rewarding career and achieve your full potential with a growing industry leader, HD Supply is ready for you!
Job Description & Qualifications
Provide assistance in day-to-day security and audit compliance operations for IT Security Services group, primarily focusing on technology issues.
Major Tasks, Responsibilities and Key Accountabilities
Serves on the Computer Security Incident Response Team (CSIRT) to helps plan and participate in regular incident response drills. Initiates security response procedures when a problem is detected. Resolves incident tickets addressed to Security team.
Updates Computer Security Incident Response Team (CSIRT) documentation and procedures.
Deploys security related products and projects. Manages and reviews log data from servers, network devices and workstations.
Reviews user access to production systems and applications. Performs daily reviews of OS and network changes. Works with System Engineers and administrators to deploy patches and address vulnerabilities.
Maintains security related servers including maintenance on security servers applying patches to OS and updating packages and applications.
Manages security objects to include SSL Certificates, PGP and private keys, system passwords, anti-virus, spyware and malware solutions, and identity management.
Maintains procedures and devices in compliance with Sarbanes Oxley, PCI regulations and other regulatory authorities as required by business.
Nature and Scope
Demonstrates skill in data analysis techniques by resolving missing/incomplete information and inconsistencies/anomalies in more complex research/data.
Nature of work requires increasing independence; receives guidance only on unusual, complex problems or issues. Work review typically involves periodic review of output by a supervisor and/or direct customers of the process.
May provide general guidance/direction to or train junior level support or professional personnel.
Located in a comfortable indoor area. Any unpleasant conditions would be infrequent and not objectionable.
Most of the time is spent sitting in a comfortable position and there is frequent opportunity to move about. On rare occasions there may be a need to move or lift light articles.
Typically requires overnight travel 5% to 20% of the time.
Education and Experience
- Typically requires BS/BA in a related discipline. Generally 2-5 years of experience in a related field OR MS/MA and generally 2-4 years of experience in a related field. Certification is required in some areas.
Preferred Qualifications & Job Specific Details
2+ years of professional experience in Information Security or a related field.
1+ years of professional experience specifically performing web application / penetration testing.
Possesses a general understanding of security technologies, including SIEM, DLP, IDS/IPS, firewalls, and many other security controls.
Experience with Object-Oriented Programming Languages such as Java, Python, C#, etc.
Familiarity with web technologies such as JS and REST.
Strong working knowledge and experience performing SAST and DAST activities.
Experience working with Linux and Microsoft Windows Server operating systems.
Strong understanding of OWASP Top 10 and Web Security Test Guide.
Experience in detecting, exploiting, and mitigating common web application security vulnerabilities.
The ideal candidate will have junior to mid-level application security experience, with a focus on web application technologies. The candidate should also be able to:
Successfully perform manual functional test to verify web-based enterprise software solution, data integrity, security and overall usability.
Demonstrate strong communication (written and verbal) and analytical skills and can quickly get up to speed on technical and security-related content.
Accurately and clearly document system defect reports that are delivered to cross-functional teams as well as enterprise leaders.
Participate in the use of established test processes and methodologies.
Partner and collaborate with cross-functional teams, leadership, and stakeholders across the enterprise.
Display the analytical and planning skills necessary to manage, prioritize, and execute multiple requests with competing priorities.
Additional Skills and Attributes:
Ability to work well in teams.
Establish effective working relationships with stakeholders while dealing with competing priorities.
Is a balanced and strong communicator: poised, organized, and empathetic, approaching situations thoughtfully.
Has a solution-oriented mindset, with the ability to exercise professional judgment.
Able to gather information from many sources and put it into context for the appropriate audience while providing insightful and unique compromises or solutions.
Capable of anticipating needs and provide clarity on expectations.
Desired but Not Required:
Security Certifications such as Security+, GISF, SSCP, CEH, PenTest+, etc.
Experience with IBM WebSphere Commerce
Cloud Security (Google, Azure)
CI/CD Security Automation
Proficiency with Burp Suite Pro, Microfocus Fortify
Experience with NodeJS, Angular, ASP.NET
Conceptual understanding of Agile development
Job Locations US-GA-Atlanta | US-FL-Orlando
Posted Date 2 months ago (1/12/2021 2:31 PM)
Job ID 2021-41041
Business Unit Corporate GSC
Functional Area Information Technology
Remote Position? No
Position Type Full-Time
Posting Location : Postal Code 30339
HD Supply is an Equal Opportunity Minority/Female/Individuals with Disabilities/Protected Veteran and Affirmative Action Employer. HD Supply considers for employment and hires qualified candidates without regard to age, race, religion, color, sex, sexual orientation, gender, gender identity, national origin, ancestry, citizenship, protected veteran or disability status or any factor prohibited by law.