Application Security Pentester
- Desirable rate
- Immediate - 3 weeks flexibility
Our client is urgently looking for a number of Application Security Pentesters (software security testers).
You'll be responsible for executing security tests on a wide variety of internal and external-facing applications across a variety of environments, such as production, acceptance, testing and development. You will also assist with the continuous improvement of the processes critical to the success of the team. In this role, you will handle one or more static, dynamic and/or penetration tests and support the initial and technical intake process.
Your primary responsibility is to pentest APIs and web services in the production environment, create actionable reporting based on findings, and perform application testing, including black-, grey- and white-box methods. You will gradually engage in pentesting applications in scope for other suitable environments as well. Additionally, you will support pre-intakes/technical intakes and the development of security solutions and services, leveraging a robust technology portfolio, to address complex, industry-recognized information security trends and challenges faced by our respective clients. You will also walk developers through findings to help identify and fix them.
What we expect
· B.S. in Computer Science or related technical major (M.S./PhD preferred), or significant job experience. You have a valid (current) OSCP, OSCE, ECSA, ECSP, SANS or GIAC certification.
· Well versed in penetration testing of both thick and thin applications across diversified platforms.
· Experience with the OWASP Testing Guide / Open Source Security Testing Methodology Manual.
· Fluent in at least 1 programming/scripting language.
· Expert with common web application penetration testing tools including, but not limited to, Burp, Fiddler, OWASP ZAP, BeEF, and at least one commercial solution (WebInspect, AppScan, or similar).
· Experience deploying enterprise security testing solutions.
· Sufficient knowledge of threat modelling is preferred.
· Familiarity with common pentesting tools including, but not limited to, Metasploit, vulnerability scanners, Kali Linux, and Nmap.
· Familiarity with pentesting SOAP- and REST-based web services.
· Familiarity with Secure Development Lifecycle practices and Agile development.
· Thought leadership in the security field, with demonstrable contributions to industry groups strongly desired.
· Artful communication skills and organizational savvy, to steer peers and leadership toward solutions that carefully balance business, risk, compliance, and engineering concerns.