Application Security Penetester

Our client is urgently looking for a number of Application Security Penetester - Softare security tester.

You'll be responsible for the execution of security tests on a wide variety of internal and external facing applications on varities of environment like production, acceptance, testing & development. You also will assist with the continuous improvement of the processes critical to the success of the team. In this role, you will handling one or more Static-, dynamic and/or penetration tests and supporting the initial and technical intake process.

RESPONSIBILITY

Primary responsibility to provide Pentest of API & Web Services on Production environment, create actionable reporting based on findings, application testing, including black-, grey-, White Box Methods. Gradually engaging with Pen testing applications in scope for other suitable environments as well. Additionally you will support with pre intakes/technical intakes, development of security solutions and services, leveraging a robust technology portfolio, to address complex industry recognized information security trends and challenges faced by our respective clients. Assist the developers in walkthrough of findings to identify and fix.

WHAT WE EXPECT

B.S. in Computer Science or related technical major (M.S./PhD preferred), or significant job experience. You have a valid (Current) OSCP,OSCE, ECSA, ECSP, Sans, GIAC Certification.

Well Versed with penetration testing experience of both thick and thin applications across diversified platforms.

Experience with OWASP testing Guide/Open Source Security Testing Methodology Manual

Fluent in at least 1 programming/Scripting language

Expert with common web application penetration testing tools including, but not limited to Burp, Fiddler,OWASP Zap, BeEF, and at least one commercial solution (Web Inspect, Appscan, or similar).

Experience deploying enterprise security testing solutions.

Sufficient knowledge of Threat-Modelling is preferred.

Familiarity with common Pentesting tools including, but not limited to, Metasploit, vulnerability scanners, Kali Linux, and Nmap.

Familiarity with Pentesting SOAP & REST based Web services.

Familiarity with Secure Development Lifecycle practices and Agile development.

Thought leadership in the security field, with demonstrable contributions to industry groups strongly desired.

Artful communication skills and organizational savvy, to steer peers and leadership toward solutions that carefully balance business, risk, compliance, and engineering concerns.