
Posted Over a month ago
Job Description
● Perform application vulnerability and security assessments and penetration testing, and propose remediation approaches.
● Discover problems and identify vulnerabilities.
● Perform manual penetration tests (black-box/grey-box) on applications.
● Perform dynamic and static analysis, fuzzing, and secure coding practices.
● Perform assessments of secure/software development life cycle processes.
● Communicate and report application vulnerability and security assessments to upper management.
● Provide security guidance and drive decisions in collaboration with other technical and management teams, ensuring that security principles are upheld and that no violations of security policy take place.
● Work independently with developers, product owners, and other colleagues to ensure secure design, development, and implementation of our applications.
● Identify current and emerging technology issues, including security trends, vulnerabilities, and threats.
● Harden DBMSs, web services (IIS, Apache, etc.), and web applications.
● Working hours: Saturday to Wednesday from 8:00 to 16:00.
Requirements
● More than 1 year of penetration testing experience.
● Work experience; a web developer background is also a plus.
● Bachelor's or Master's degree in Computer Engineering or Information Technology.
● Information security-related certifications such as Certified Ethical Hacker (CEH) and SANS SEC 542, 642, 504 are a plus.
Specialist knowledge:
● Understanding of information security concepts, standards, and practices.
● Familiar with network concepts including but not limited to the TCP/IP protocol, subnetting, routing, access control lists, firewalls, VPN, and NAT.
● Strong understanding of packet analysis, including HTTP headers and status codes, SMTP traffic and status codes, and FTP traffic and status codes.
● Familiar with application testing tools to perform security assessments: AppScan, Netsparker, Acunetix, BurpSuite, OWASP ZAP, or equivalent.
● Familiar with at least one programming language.
● Familiar with application vulnerabilities and security issues.
● Understanding of threat attacks, exploitation, and data exfiltration.
● Familiar with REST, JSON, web services, SOAP, and XML.
● Familiar with web technologies (HTML, CSS, JavaScript).
● Basic understanding of software development concepts.
● Good understanding of the HTTP protocol, OAuth, SSO, JWT, and HTML.
● Basic understanding of JavaScript debugging.
● Understanding of database systems such as Oracle, MSSQL, and MySQL.
Soft skills and personality traits:
● Excellent written and verbal communication skills.
● Ability to clearly communicate and present technical topics.
● High skill in solving problems and providing optimal solutions.
● Strong organizational skills and the ability to attend to and prioritize projects.
● Excellent analytical and time management skills.
● Proven ability to thrive and respond to frequent demands of multiple constituents, both internal and external, in a high-demand environment.
● Ability to work under pressure and in stressful scenarios.
● Self-study capability and morality.
● Teamwork skills.
● Discipline and professional ethics.
Employment Type
Job Category
Seniority
