Test Principal Engineer, India-R&D
Bengaluru, India | Job ID R74078 | Date posted Nov. 14, 2018
Job Title: Test Principal Engineer, India-R&D
Dell provides the technology that transforms the way we all work and live. But we are more than a technology company — we are a people company. We inspire, challenge and respect every one of our over 100,000 employees. We also provide them with unparalleled growth and development opportunities.
About Business Unit:
We are here to deliver best-in-class product quality and a rich customer experience; we are the last leg in the Validation cycle before the Product is launched to the market. We’re a team of expert engineers responsible for the development of all test cases and test tools to ensure the functionality and compatibility of our products. We’re involved in the end-to-end testing process, from preparing test and diagnostic programs to recommending changes to design for the system under test.
- Lead the security testing strategy for Platform Validation
- Analyze requirements, arrive at a test approach/test plan design, write detailed security test cases for features, and validate the test cases for correctness.
- Lead security testing education strategy to teach other engineers at Dell how to find and address security issues in products
- Lead security testing engagements with product teams and mentor engineers on security testing methodologies and techniques
- Ability to clearly articulate and report security anomalies found in applications, with all the relevant inputs needed.
- Track and manage defects from logging to closure.
- Document the issues discovered, including the steps to reproduce them, and share them with the product teams
- Work with developers and Validation engineers to drive logging and closure of discovered security issues
- Provide product teams with the scripts and tools used to produce the issues
- Research and deploy cutting-edge testing tools that help advance security testing
- Expertise in configuration audit or vulnerability assessment for the Servers/Configurations under test
- Engineering degree in Computer Science or equivalent
- 8 years plus of relevant experience required
- Strong expertise in understanding, analyzing and leveraging Web and Network Scan reports (e.g. those reported by Nessus and Qualys) and reporting issues as appropriate
- Intrusive testing skills like SQL Injection, Command Injection, SSL Cert Validations.
- Strong knowledge of Security Compliance and Adherence practices (OWASP, STIG hardening, FIPS, Common Criteria) is a must
- Web Security testing skills like Cookie overriding, Session hijacking, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF)
- Help development team reproduce issues logged in field or by penetration testers
- Must be quickly able to learn and adapt new trends in security testing and able to train the internal team as appropriate.
- Subject Matter Expert on software vulnerability types and exploitation
- Experience performing application black-box and white-box penetration testing preferred
- Knowledge of how to test code and applications across various platforms (Linux, Windows, etc.) for security issues
- Be able to think like an attacker and make sure that Dell products are ready to stand up to current and future attacks
- Mastery of networking and protocols down to the packet level using the packet-sniffing tool Wireshark. In-depth understanding of various protocols, e.g. HTTP
- Hands on with tools – Nessus, nmap, Burp, etc.
- Hands on with Security tools and product – Fortify, AppScan etc.
- Ability to perform Vulnerability analysis and reverse engineering
- Have a desire and drive to learn new stuff. This is a must to keep up to date with the latest industry trends in the security domain
- Should possess any of the certifications below or any penetration testing certification
- CEH: Certified Ethical Hacker
- CPT: Certified Penetration Tester
- CEPT: Certified Expert Penetration Tester
- GPEN: GIAC Certified Penetration Tester
- OSCP: Offensive Security Certified Professional
- CISSP: Certified Information Systems Security Professional
- GCIH: GIAC Certified Incident Handler
- GCFE: GIAC Certified Forensic Examiner
- GCFA: GIAC Certified Forensic Analyst
- CCFE: Certified Computer Forensics Examiner
- CREA: Certified Reverse Engineering Analyst
We offer highly competitive salaries, bonus programs, world-class benefits, and unparalleled growth and development opportunities — all to create a compelling and rewarding work environment.
Our Culture Code unites us and makes us a great family of companies and a great place to work. It’s how we run the business, go to market, work together and provide inspirational leadership.
Our culture code is defined by our values and is made real every day by defining expectations for how we work and how we lead.
Dell is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Dell are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. Dell will not tolerate discrimination or harassment based on any of these characteristics. Learn more about Diversity and Inclusion at Dell here.