Senior Security Auditor

The contract is with a consultancy to be on an assignment with large European site in Den Haag, Netherlands as follows:

Tasks

The consultant will perform the following tasks and services (not an exhaustive list):

Performing web application security vulnerability assessments, including infrastructure level components that influence the security posture of the web applications

Writing and maintaining security test scripts for manual and automated testing

Defining recommendation how to resolve identified security test defects

Provide documented reports on the assessment findings and propose technical remediation actions

LANGUAGE LEVEL

Good working knowledge of English

MANDATORY:

At least 7 years professional experience in web application-level security penetration testing and have participated in minimum 10 projects (for specific areas indicated below) similar to the service required under this RfO.  The experience must cover all areas listed below, as follows:

Extensive knowledge of and extensive experience of vulnerability assessments, particularly of web applications, including tools and techniques:

Extensive experience in using vulnerability assessment tools both commercial as well as open source

Experience in performing validations of identified vulnerabilities by manual inspections to remove false positives

Extensive experience in application level penetration testing

Extensive working knowledge of the OWASP Application Security Verification Standard and emerging application security best practices

Extensive knowledge of and experience with recognised security assessment methodologies such as the Open Source Security Testing Methodology and the OWASP Testing Guide

DESIRABLE:

Possession of a recognised information security certification will be considered as an asset during the evaluation but is not mandatory:

Technical vulnerability tester: CEH, OSCP or relevant certification.