Job
Description
Company description Resources is the backbone of Publicis Groupe, the world s third-largest communications group.
Formed in 1998 as a small team to service a few Publicis Groupe firms, Re:Sources has grown to 5,000+ people servicing a global network of prestigious advertising, public relations, media, healthcare, and digital marketing agencies. We provide technology solutions and business services including finance, accounting, legal, benefits, procurement, tax, real estate, treasury, and risk management to help Publicis Groupe agencies do their best: create and innovate for their clients. In addition to providing essential, everyday services to our agencies, Re:Sources develops and implements platforms, applications, and tools to enhance productivity, encourage collaboration, and enable professional and personal development. We continually transform to keep pace with our ever-changing communications industry and thrive on a spirit of innovation felt around the globe. With our support, Publicis Groupe agencies continue to create and deliver award-winning campaigns for their clients. Overview JOB SUMMARY: The position requires a candidate to support the Global Security Offices as an pentester to lead the application security assessments end-to-end in co-ordination among with team members and is responsible for assessing the security posture of various applications through rigorous penetration testing and vulnerability assessments, ensure delivering the quality output. This role involves identifying security weaknesses, drafting quality reports, providing actionable recommendations for mitigation, and working closely with development and operations teams to enhance overall application security. The responsibilities associated with the position are as follows: Conduct detailed penetration tests on web, mobile, thick clients, cloud native apps , APIs and network using automated tools and manual testing techniques. Classify and prioritize vulnerabilities based on risk and impact and provide detailed reports and documentation of findings, including proof of concept for identified vulnerabilities Perform secure review of application code for security weaknesses and recommend security improvements based on best practices and industry standards (e g, OWASP Top 10, SANS Top 25) Work closely with development teams to understand application functionalities and potential security risks and assisting developers in understanding vulnerabilities and implementing secure coding practices. Stay up-to-date with the latest security threats, trends, and technologies. Contribute to the development and enhancement of internal security testing tools and methodologies, review of internal SOP, process or procedural documentations. Active participation in exploring and evaluating new technologies and tools in the industry. Assit project team in guiding for the security best practices Mentor dev and QA community through driving security sessions, creating contents, articles, materials. ESSENTIAL JOB REQUIREMENTS: Bachelor s degree within a science or related discipline. 2+ years of relevant experience in vulnerability and penetration testing. Good understanding of OWASP Top 10 , SANS Top 25, OSSTMM, PTES, NIST standards Expertise and practical hands-on top industry Application Security testing tools like HCL AppScan, Checkmarx, Veracode, Burp Suite Having certifications like OSCP, OSWE, CEH are a plus. Good conceptual knowledge and practical hands-on on SAST, DAST, IAST, SCA and other type of testing relevant in software development Must have strong foundation of how application works and developed. Must have strong knowledge of security principles for secure software development such as cryptography, authentication techniques, protocols etc Having experience in DevSecOps, practical implementation of integrating security in SDLC is a plus Practical lnowledge of any programming and scripting languages (e g, Python, JavaScript, Java) Mandatory language skills (oral, written and listening) : English Additional information OTHER JOB REQUIREMENTS: Good communication, presentation skills and must be vocal Ability to work effectively and collaboratively with stakeholders Willingness to work with geographically dispersed teams; may involve working during non-business hours occasionally to accommodate time-zone differences A can do attitude team player who works well under pressure and with dispersed groups, worldwide Must be a self starter with strong organizational skills to enable navigation of the company to identify sponsors, stakeholders and interested parties
