We are looking for experienced security professionals who can help our clients achieve a secured environment for their applications and web information
- Perform Secure Code Reviews of the application code using both Automated and Manual approach.
- Conduct security assessments such as penetration and vulnerability tests
- Keep updated on knowledge of the IT security industry: including awareness of new or revised security solutions, security standards, trends / best practices, offensive techniques and tools
- Perform Blackbox/Graybox testing of Web/Mobile/Thick client applications
- Perform Network Vulnerability Assessments and Penetration Testing
- Risk Evaluation of observed vulnerabilities based on common risk scoring techniques such as CVSS
- Knowledge-share with team on techniques and results
- Create detailed report of findings and recommendations after testing is complete and present to stakeholders
- Coordinate with developers/stakeholders on the findings for appropriate fixes
- Stay up-to-date in current tools, techniques, and vulnerabilities to incorporate into testing practices
- Degree in Computer Science / IT Security or other related disciplines
- Should have an overall exposure and understanding of Application and Network Security testing
- Strong knowledge of the OWASP Top 10, OWASP Mobile Top 10, SANS top 25. Detailed knowledge of common web application attack vectors such as SQL injection, CSRF, XSS, Session Management issues, Insecure Direct Object reference, Click jacking, buffer overflows, etc.
- Experience in manual application penetration testing of web- based applications, thick- client applications, mobile applications, web services, API s etc.
- Experience in manual mobile application penetration testing on platforms like Android, IOS, etc both client and server side applications would be preferred.
- Should have knowledge on Risk Rating Standards like DREAD, CVSS etc.
- Experience in automated web application vulnerability scanners (e.g. Web inspect, Burp suite Pro, etc)
- Should have performed Black Box / Grey Box Application penetration testing.
- Good understanding of application protocols such as HTTP, SAML, OAUTH, OpenID Connect, etc.
- Good understanding of network technologies and protocols such as NIPS, IDS, TLS/SSL, DLP, firewalls, WAF, DNS and other common technologies and protocols.
- Experience in performing Network Penetration Testing for both internal and external networks.
- Knowledge in end-to-end flow on executing application and network penetration testing