IQVIA™ is the leading human data science company focused on helping healthcare clients find unparalleled insights and better solutions for patients. Formed through the merger of IMS Health and Quintiles, IQVIA offers a broad range of solutions that harness the power of healthcare data, domain expertise, transformative technology, and advanced analytics to drive healthcare forward.
Sr Security Engineer(PenTesting)
Department: Global Information Security
Location: Warsaw, PL
Reporting to: Manager, Information Security
ROLE AND RESPONSIBILITIES
You will become part of the Global Information Security team delivering services across whole company's landscape. You will contribute to success of the Information Security Operations work stream.
The role itself presents an unique opportunity to develop your offensive hacking skills by execution of exercises focused on assessing security of web applications. Considering that a backbone of your daily operations you will also have a possibility to engage in completing goals defined in penetration testing of network elements, mobile applications, OS builds and in future - participate in red teaming exercises.
You will be responsible for conducting technical security assessments of web applications following penetration testing and vulnerability scanning methodologies, also scoping elements of underlying network infrastructure.
The primary responsibilities are:
- Involvement in full vulnerability scan/penetration project lifecycle (scoping meeting, execution, reporting, closure meeting, supporting requestors with resolving issues)
- Execution of vulnerability scans and penetration tests of web-based content (standalone APIs and applications)
- Depending on skills and/or desired career development - participation in penetration testing of various other subjects
- Follow-up on identified vulnerabilities until closure
The additional responsibilities are:
- Manual review of world-wide appearing threats in terms of their applicability and impact on company's environment
- On-need involvement in vulnerability management and patch prioritization activities
EXPERIENCE AND SKILLS
Required skills and experience:
- Three years of hand-zone in security testing of web applications
- Generic knowledge of how Internet works (examples are protocols, services, ports, connections, devices or ISO/OSI layers)
- Self-written exploits, tools, scripts or security-related articles/posts are a strong plus
- Know-how of testing mobile applications is a strong plus
- Know-how of scripting and Linux is a plus
- Excellent communication skills, including ability to communicate across countries and cultures
- Ability to work under own initiative, and enthusiasm to drive through change and multi task
- Ability to exercise high level of confidentiality when dealing with highly sensitive information
- Commitment to ongoing professional development
- Minimum Bachelor's degree in computer science, computer engineering, or information technology
- Minimum 4 years of cybersecurity-related work experience (includes two years of hand-zone experience with testing web-based applications)
- At least 1 security certificate: GPEN, CISSP, OSCP.
The position may require occasional domestic and international travel of approx. 15%.
Making a positive impact on human health takes insight, curiosity, and intellectual courage. It takes brave minds, pushing the boundaries to transform healthcare. Regardless of your role, you will have the opportunity to play an important part in helping our clients drive healthcare forward and ultimately improve outcomes for patients.
Forge a career with greater purpose, make an impact, and never stop learning.
Job ID: R1055047