The Information Security team has the herculean task of ensuring that customers can shop with peace of mind, knowing their data and information will be safe and secure.
Solving some of the most unique cyber security problems in the industry, our team members share an elevated level of creativity and ingenuity to secure data for the largest retail operation in the world.
Walmart continues to grow an elite Information Security team.
We are part of the Security Testing and Analysis team in the Information Security division of Walmart.
Our Application Pentest Team comprises some of the best, most beautiful minds, and they possess highly skilled pentesting acumen.
We have a huge responsibility to cover the security testing of all Walmart Products and Solutions across the globe.
We are responsible for Application Penetration Testing, which includes APIs, Web, Mobile, Network, etc., for all non-PCI, PCI, HIPAA, GDPR and other environments.
What you'll do:
Develop exploits and customized proof of concepts for diverse targets and tech stacks.
Develop and utilize advanced tools for penetration testing and exploiting vulnerabilities.
Research, learn, and continuously improve skills to emulate attacker tactics, techniques, and procedures
Influence technical and business strategies by articulating technical risk associated with key business solutions
Provide security and vulnerability remediation expertise to technology stakeholders and partners
Continuously improve the Pentest methods and checklist.
Adopt automation on Pentest suites for improved efficiency.
Mentor and share knowledge with other security practitioners and technology stakeholders
Assist in the implementation of advanced security technology solutions by conducting feasibility studies, proof of concept, product comparison, and/or optimization analyses; participating in project artifact and technical reviews; challenging suppliers to improve technology; and researching technology and software development for secure information technology solutions.
Maintain and advance security expertise by reviewing new technologies; maintaining knowledge of current security standards (for example, NIST 800-53, ISO27001, Cloud Security Alliance); participating in continuing education and training (for example, relevant industry certifications, forums); and maintaining expert level knowledge of enterprise technologies.
What you'll bring:
7+ years Information Security experience
5+ years expert experience executing penetration testing/ethical hacking against IoT, embedded systems, cloud-based technologies, mobile, hardware, APIs, web applications
Advanced-level experience security testing in dynamic enterprise cloud environments
Strong technical knowledge around web application security: ability to identify and reproduce reported vulnerabilities, as well as assess contextual risk.
In-depth knowledge of security fundamentals, including OWASP Top 10 and other common application security vulnerabilities. The Web Application Hacker's Handbook is a great resource to be familiar with.
Possess one or more of these credentials: OSCP, OSWE, GXPN, GWAPT, GPEN (preferred but not required)
Experienced with severity rating systems, and ability to calculate CVSS ratings for identified vulnerabilities based on an understanding of each customer's threat model.
Familiar with vulnerability disclosure and bounty programs, including: confidentiality and disclosure processes, the importance of clear and quick communication between hackers and customers, program policies, etc.
Ability to prioritize and organize operationally complex work, with great attention to detail.
Strong ability to identify and exploit security gaps/vulnerabilities on endpoint devices, applications and networks.
Exposure and understanding of enterprise solutions from a functional and security perspective.
Preferred development skills (be able to understand the issue from a dev perspective and discuss fix with dev teams).
Top-notch communication skills: need to be able to firmly, yet politely, respond to non-issues, as well as identify legitimate issues and communicate them to security teams in an easy-to-understand format. Ability to articulate and translate security and risk management terminology into business terms.