Security Test Engineer/Infosec Analyst

Responsibilities include:

• Build effective relations and engage in business security activities like vulnerabilities assessment, engage in third party penetration tests, DAST, SAST, security testing.
• Lead the responses for the information security RFI/RFPs for various applications.
• Provide feedback on security contracts and client audits. 
• Support annual Segment self-assessment working with senior leadership in the team.
• Track the compliance with information security strategies when migrating applications into a cloud environment. Work with development and internal IT teams to ensure compliance to WTW security standards. 
• Manage and oversee ad hoc projects related to enhancing information and data security controls for business to meet compliance.
• Implement, test and operate advanced software security tools and techniques. Maintain technical documentation.
• Collaborate with other development teams to ensure that Security Testing activities provide the highest benefits. Help security/infosec move towards left in SDLC.

The Requirements

• Expert understanding of all aspects of information security principles, policy and its application in business and technology areas (at least 2 years of experience).
• 2+ years prior hands-on experience in a Security Engineer/Security Tester/Information Security Analyst role. 
• Experienced in security testing and understanding of information security concepts for cloud-based applications. 
• Experience working in cross-functional virtual teams
• Effective communication and documentation skills
• Experience with client or internal stakeholder communication with respect to security assessments, controls, supporting client audit activities, third party penetration test etc.
• Client focus: ability to engage positively with WTW clients and business stakeholders. 
• Proficient in the use of security testing tools for SAST, DAST, SCA, security testing etc. (eg. - Netsparker, Checkmarx, CredScan, Burp Suite, OWASP ZAP, Qualys, etc.)
• Interest in all aspects of security research and development and assist in recommending testing tools for the team.
• Bachelor’s Degree in Computer Science, Engineering, Information Systems, or related field; 
• Experience with testing products on any of the following technology: C#, SQL, Angular, jQuery, web services or similar.

Equal Opportunity Employer