VAPT Engineer

PCS Security

Full Time | Tampines, East Region | Mid Level | Competitive

Description

Education / Experience:
Degree in Computer Engineering, Computer Science, Information Systems, Digital Forensics or equivalent qualifications
Minimum 2 years of relevant work experience in IT security implementation and operations
Possess OSCP or have attained CREST


Job Description:
Perform application and infrastructure penetration tests for customers
Conduct application security assessments and penetration tests (web, mobile, web service, etc.). Assessments involve manual testing and analysis as well as the use of automated application vulnerability scanning/testing and/or code review tools such as Burp Suite Professional, HP Fortify or Checkmarx
Write a formal security assessment report for each application, using our company’s standard reporting format
Participate in conference calls or on-site meetings with potential clients to scope newly requested security projects and estimate the time required to complete them, and with current clients to review assessment results and consult on remediation options
Retest security vulnerabilities and republish reports to indicate the retesting results
Perform security reviews of application designs, source code and deployments as required, covering all types of applications (web application, web services, mobile applications, thick client applications, SaaS)
Work on improvements for provided security services, including the continuous enhancement of existing methodology material and supporting assets


Skill sets:
Experience with various security tools and products (Fortify, AppScan, Nessus, etc.)
Several years of experience developing web and/or mobile applications is required, preferably hard-core financial, e-commerce, or business applications that face the Internet
Knowledge of the HTTP protocol and how it works
Experience performing application security testing using manual techniques plus runtime vulnerability testing tools and/or code review tools
