Lead Penetration Tester

at Berkley in Wilmington, Delaware, United States

Job Description

Berkley Technology Services (BTS) is a dynamic company committed to providing world-class IT services. We offer a unique culture, enabling our team members to be on the cutting edge of technology while delivering high-quality solutions. Our functions include working with various third parties to develop, integrate, and support insurance systems of WRBC’s operating units. BTS strives to provide these functions in a holistic manner including helpdesk support, system connectivity, and operational support. Additional responsibilities include coordinating communications regarding best practices in the use of our supported systems and researching new technology. BTS is constantly growing and expanding to meet the changing demands of one of the most successful insurance organizations in the world.

The information security analyst will work as an integral component of the company’s Application Security team. The incumbent will focus on application penetration tests, automated ethical hacking, and static source code analysis within the SDLC. The candidate will be accountable for establishing consensus with stakeholders to reduce cyber risks while minimizing broader operational impact.

+ Drive development of a holistic application security program

+ Conduct manual ethical hack assessments of high-risk web applications

+ Rate the severity of defects and publish comprehensive reports detailing associated risks and mitigations

+ Support broader vulnerability management processes to measure exploitability of vulnerabilities more precisely

+ Reduce the cost of vulnerability remediation by identifying defects early within the development lifecycle

+ Good understanding of security processes, procedures, & tools.

+ Capable of performing security reviews of general purpose operating systems and network devices.

+ Ability to work in teams to improve security posture

+ Clearly organize workload to be able to project manage remediation activities

+ Proven understanding of OWASP top 10 vulnerabilities.

+ Good grasp of popular CMS frameworks and best practices.

+ Strong coding background with the ability to write scripts when needed.

+ Granular knowledge of HTTP request building/fuzzing and the ability to analyze traffic in a local proxy.

+ Strong understanding of XML, SOAP, and AJAX.

+ Ability to fully document vulnerabilities found within applications, tracking defects in Jira, using metrics to analyze and prioritize vulnerabilities for remediation.

+ Set up demonstration meetings with developers to understand the flow of applications.

+ Set up remediation meetings and vulnerability tracking before applications go into production.

+ Integrate developers with the SDLC process utilizing dynamic and static code review processes.

+ Proficiency in Linux (Kali), the Metasploit framework, and standard Kali tools such as nikto, dirbuster, sqlmap, nmap, etc.

+ Strong written and oral communication skills in order to define business and technical parameters and lead the team to meet business requirements.

+ In-depth knowledge and experience with triage and investigation of vulnerability data.

+ Proven stakeholder management at technical and executive levels is a must.

+ Ability to work with regulatory, legal and security best practices including General Data Privacy Regulation (GDPR), NYS DFS 23 NYCRR Part 500, Sarbanes-Oxley (SOX), ISO 27001/27002.

+ Highly organized and detail-oriented – able to function under pressure, troubleshoot, emplace structure where necessary and prioritize between competing activities.

+ Approachable and outgoing with excellent verbal and written communication skills.

+ This role will suit a candidate with experience working for smaller organizations where they have been highly visible to the business and where initiative and pro-activity are key.

+ Travel expected – minima

+ Ability to sit at a desk and work on a computer for extended periods of time.

+ May occasionally lift and/or move up to 10 pounds.

+ Vision abilities required by this job include close vision and ability to adjust focus.

The Company is an equal employment opportunity employer.

COVID-19 vaccine required unless prohibited by law.

Job ID: 2021-4749

Name: Berkley Technology Services LLC

Street: 101 Bellevue Parkway



Seniority Level:

Mid-Senior Level

Job Functions:

Information Technology

Employment Type:



Job Posting: JC180262840

Posted On: Mar 27, 2021

Updated On: Oct 20, 2021