Descripción
Switzerland - Zürich
Information Technology (IT)
Group Functions
Job Reference \#
292449BR
City
Zürich
Job Type
Full Time
Your role
Do you have experience in performing penetration testing? Do you like to test complex applications and find ways around security controls? Do you have proven ability to report and to provide guidance for software teams to remediate vulnerabilities?
We-re looking for experienced penetration testers to:
- perform manual penetration testing against web, thick-client and mobile applications
- perform manual penetration testing against critical infrastructure (e.g. Active Directory, LDAP)
- identify and report vulnerabilities using common methodologies
- extensive knowledge of OWASP
- communicate with application teams on how to remediate certain vulnerabilities
- knowledge of a variety of technologies and tools, such as Burp Suite, DAST, Azure cloud
- participate in process improvements and automation.
- perform technical QAs, including false-positive analysis and risk rating reviews.
Your team
You-ll be working in the Application Security Testing team in Zurich, Switzerland .You-ll be supporting the Application Security Framework. This benefits our Technology Services, specifically within Application Security Testing.
As a penetration tester, you-ll play an important role in identifying and reporting vulnerabilities in critical UBS applications, including key public banking applications. You-ll communicate with application teams to define the scope of work and execute your tests in a responsible way. You-ll be in contact with all the latest technologies and tools to identify new vulnerabilities and risks that could expose the bank. You-ll participate in improvement and automation of internal processes. You-ll perform technical QA of performed internal tests.
Your expertise
- ideally 5-7 years of hands-on experience in penetration testing web, thick-client and mobile applications
- hands-on experience with testing critical infrastructure such as AD, Azure AD and LDAP
- ideally certifications in hacking, such as OSWE, OSCP, CompTIA Security+, CISSP, Burp Suite Certified Practitioner
- proficient with Microsoft o365 suite - specifically focused on PowerPoint, Excel, Outlook, etc.
- great attention to detail and the ability to problem solve
- ability to solve issues, good at problem statement analysis and solution design thinking
- track record of explaining technical issues to application teams and assisting them in resolving issues
- ability to properly document vulnerabilities and to produce penetration test report
About us
UBS is the world-s largest and the only truly global wealth manager. We operate through four business divisions: Global Wealth Management, Personal & Corporate Banking, Asset Management and the Investment Bank. Our global reach and the breadth of our expertise set us apart from our competitors..
We have a presence in all major financial centers in more than 50 countries.
How we hire
We may request you to complete one or more assessments during the application process. Learn more
Join us
At UBS, we embrace flexible ways of working when the role permits. We offer different working arrangements like part-time, job-sharing and hybrid (office and home) working. Our purpose-led culture and global infrastructure help us connect, collaborate, and work together in agile ways to meet all our business needs.
From gaining new experiences in different roles to acquiring fresh knowledge and skills, we know that great work is never done alone. We know that it's our people, with their unique backgrounds, skills, experience levels and interests, who drive our ongoing success. Together we-re more than ourselves. Ready to be part of \#teamUBS and make an impact?
Disclaimer / Policy Statements
UBS is an Equal Opportunity Employer. We respect and seek to empower each individual and support the diverse cultures, perspectives, skills and experiences within our workforce.