• Anywhere


 

A Global Cybersecurity Company is looking for a Penetration Tester. This is an integral part of the Global Cyber Security team.  This role is responsible for executing penetration tests to support the Secure Development Lifecycle. 

 What you will do:

·        Ensure that products that are developed are built securely and security vulnerabilities detected in the product are addressed prior to release.

·        Participate in penetration testing, scoping, security test planning, and identifying the tools required for penetration testing

·        Participate in threat modeling, risk analysis and creating mitigation plans

·        Identify and recommend appropriate measures to manage and remediate discovered or potential vulnerabilities, providing guidance to partner teams

·        Mature penetration testing strategy for early and effective detection of potential vulnerabilities.

·        Demonstrate the ability to assess the security of applications: web applications, APIs, backend / infrastructure supporting the applications, cloud, microservices

·        Promote Secure SDLC and the culture of "shift-left" by integrating security tools into CI/CD

·        Demonstrate knowledge of secure code scanning tools

·        Keep up-to-date knowledge of vulnerabilities in the field of security for secure application development

·        Handle communication between geographically dispersed groups 

Qualifications

·        4-6 years of independent, end-to-end, hands-on manual experience in web application penetration testing and web service / API (REST & SOAP) penetration testing

·        Familiar with security guidelines such as OWASP Top Ten, OSSTMM (Open Source Security Testing Methodology Manual) & WASC (Web Application Security Consortium)

·        Bachelor's or Master's degree in computer science or related field

·        Security certifications such as OSCP, GWAPT, CEH, CCSK, CCSP, GCPN are strongly considered

·        Knowledge of Azure and AWS cloud attacks

·        Experience in enumeration techniques, authentication and authorization, data access, encryption algorithms

·        Knowledge of security fundamentals, network/application protocols, topologies, reverse engineering, fuzzing & exploit development

·        Experience in executing security assessment activities, which include internal/external stakeholder communications, risk assessment, documentation, reporting and presentation of findings

·        Effective project management skills, oral and written communication skills, interpersonal skills

·        Hands-on experience with security tools such as Burp Suite Pro, web application scanners (IBM AppScan, Acunetix, Rapid7, etc.) and static code analysis tools such as Checkmarx, BlackDuck, Veracode, Fortify, etc.

Nice to Haves

·        Expertise in evaluating the security of cloud-based applications, services, and infrastructures including serverless architectures

·        Experience with testing storage and database systems, virtual machines

·        Hands-on experience with penetration testing of microservices, SaaS, PaaS

·        Participated in Bug Bounty programs and CTF

·        Experience in presenting at security conferences / events

·        Familiarity with at least one scripting language (Python, PowerShell) and a programming language such as Java or .NET

·        Knowledge of Secure SDLC and DevSecOps implementation

 
