The web application penetration tester assists the Sr. Offensive Security Engineer with preparing, executing, and reporting on authorized penetration tests against web applications and related APIs. Help mature the web app security lifecycle of business-critical web applications used by millions of consumers and thousands of baseball employees.
Major responsibilities
Apply and obey applicable statutes, laws, regulations, and internal policies; act with integrity and respect.
Conduct authorized penetration testing on new and updated web applications. Verify that our web applications meet the OWASP Application Security Verification Standard (ASVS) by executing critical parts of the OWASP Web Security Testing Guide (WSTG).
Routinely perform reverse engineering, static, dynamic, and interactive analysis when penetration testing various web applications and underlying frameworks and services.
Perform code reviews and submit pull requests. Open and track Jira ticket lifecycles.
Proactively analyze web security risk and propose actionable remediation steps. Effectively communicate results to different audience types.
Examine real-world exploitation attempts, implement security improvements, apply virtual WAF patches, and tune advanced security rules per app.
Communicate new developments, breakthroughs, challenges, and lessons learned to the team and internal and external customers. Collaborate with developers, conveying unbiased and technical knowledge through software requirements to enhance application development.
Create playbooks for security testing, document security configurations, and research and communicate best practices to MLB and its clubs.
Assist in the analysis and takedown of illegal streaming services/apps.
Remain current with relevant OWASP/MITRE ATT&CK adversary tactics and techniques to identify threats during escalated security incidents. Stay apprised of relevant news and trends in the information security industry and share with the team.
Requirements
We are looking for a skilled web developer. Professional training and certification in web security are a plus.
Ability to execute tasks with high accuracy and thoroughness and to maintain confidentiality while dealing with sensitive information.
Completed a master's or bachelor's degree in information technology, information security, cybersecurity, computer science, or a related field, or equivalent knowledge and experience.
Obtained relevant web security certifications (e.g., SANS GWEB, Offensive Security OSWE, Pentester Academy, CREST, PortSwigger, CompTIA, etc.) or can prove equal skills during an interview.
Strong written and oral communication skills. Ability to explain technical concepts to audiences at different levels.
Extensive knowledge of crypto, authentication, and authorization protocols and standards, including SSL/TLS, SAML, OAuth, JWT tokens, is required. Same for security headers like Cross-Origin Resource Sharing (CORS) and Content Security Policy (CSP).
IAST tool experience is required (e.g., Burp Suite Pro, ZAP).
Experience building software solutions using programming languages like Java, Node.js, Go, and Python is a plus.
A high degree of comfort interacting with/reverse engineering REST or GraphQL APIs is a plus (e.g., Fiddler, Postman, Paw, Insomnia).
Experience with API or mobile penetration testing is a plus.
Experience as a highly technical information security consultant is a plus.
Why MLB?
Major League Baseball (MLB) is the most historic of the major professional sports leagues in the United States and Canada. Employees love working at MLB because of the culture of growth, teamwork, and professionalism. Employees who are most successful at MLB take initiative, know how to identify problems and provide solutions, and always put the team first. For those ready to step up to the plate and join the major leagues, MLB takes the same approach as teams do with their players: empowering our 'workforce athletes' to be at their best by engineering experiences that put employees in the best position to succeed. Major League Baseball is looking for candidates who are passionate about growing America's pastime to best serve its fans for decades to come.
MLB's vision is to be the global sport of choice for youth to play, fans of all backgrounds to enjoy and a desired destination for employment. With a belief that the journey to growth and greatness is ongoing, MLB gives employees the opportunity to continue learning and honing their skills with programs such as: tuition reimbursement; mentorship programs; lunch and learns; online course subscriptions; paid industry certifications; business resource groups; and more.
MLB provides its employees with exceptional medical, dental, and vision coverage. Premiums are 100% employer covered to help employees focus on being their best!
Are you ready to step up to the plate? Apply below!
Major League Baseball is proud to be an equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or veteran status. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you have a disability or special need that requires accommodation, please let us know.
All in-office and ballpark-based positions are subject to MLB's mandatory COVID-19 vaccine policy.
Hiring insights
Job activity
Posted 30+ days ago