PEN TESTER
Company Description
Job Description
Responsibilities
• Conduct black box and white box security and penetration testing to assess and validate application security
• Perform manual pen-tests; be able to set up threat models and fuzzers. Be able to work in an ethical lab for hackers
• Participate in architecture and design reviews with developers (all levels)/DevOps staff
• Design, implement and support security tools and services
• Influence and measure security policies and share best practices and recommendations
• Be able to track, monitor and use vulnerability tracking methods and tools
• Explain and demonstrate vulnerabilities to application/system owners, and provide recommendations for mitigation
• Issue reports on assigned application and system scans
• Deliver Secure Code Development Training to developers and relevant staff
• Support security policies and procedures
• Participate in security compliance efforts
• Participate in security operations support
• Evaluate new and emerging security products and technologies
Required Skills and Experience
• 5+ years of experience in web or mobile application security
• 5+ years of application development
• Passion for security, and a deep technical understanding of enterprise systems architecture
• Expert knowledge of information security principles, ethical hacking standards, along with a thorough knowledge of the current threat landscape and recent hacks and malware
• Knowledge of cloud-based infrastructures/software and how they affect security needs
• Familiarity with and hands-on knowledge of multiple languages and platforms (Java, Python, C/C++, Ruby, Perl, and frameworks like Node.js, Dojo, and Angular.js).
• Experience with HTML and JavaScript along with a solid understanding of the HTTP protocol
• Working knowledge of SQL, Oracle, MongoDB and PostgreSQL
• Coding knowledge in one or more front end and web technologies like Java & Ruby, Python, Perl; mobile code development is a plus
• In-depth knowledge and experience in OWASP 2013, SANS 25 and CWE
• In-depth experience in providing vulnerability remediation, with code examples, for both web and mobile applications
• Experience working on Agile and Waterfall projects, along with fundamental project management and time management skills
• Experience in all parts of the SDLC, such as coding, integration testing, security analysis and audits, code reviews, designing etc.
• Experience using vulnerability assessment tools/platforms such as IBM AppScan Enterprise, Coverity, Checkmarx, Nessus, Qualys, GFI, HP Fortify, Veracode, Burp Suite, MS Threat Modeler, Codenomicon etc.
• Hands-on knowledge of cryptography and encryption; PCI knowledge is a plus
• Understanding of malware by device type
• Expert problem solving and analytical skills; Advanced communication skills both spoken and written, to all levels of management
• Self-driven; the ability to work with minimal supervision is required
Qualifications
• Bachelor's degree in Information Technology/Computer Science/Computer Engineering
Additional Information
This is an IMMEDIATE requirement
Job Details
Experience
Senior · 5+ yrs