Web Penetration Testing Expert

Ernyka Group Tehran

Posted 3 years ago

Job Description

● Conduct assessments of web applications, mobile applications, databases, client-side applications and tools, and APIs.
● Execute manual and automated code analysis to assess the quality and security of source code.
● Perform pre-assessment research and preparation including reconnaissance, documentation and configuration review, and customer interviews.
● Develop custom tools and exploits.
● Generate comprehensive reports, including detailed findings, exploitation procedures, and mitigations.
● Develop and deliver walkthrough(s), proof(s) of concept (PoCs), articles, and formal presentations.

Requirements

● Experience in performing penetration testing on enterprise networks, web applications, and mobile applications.
● Familiarity with common web vulnerabilities including: XSS, XXE, SQL Injection, Deserialization Attacks, File Inclusion/Path Traversal Attacks, Server-side Request Forgery, Remote Execution Flaws, Server Configuration Flaws and Authentication Flaws.
● Experience in testing web-based APIs (e.g. REST, SOAP, XML, JSON).
● Experience in designing and documenting pragmatic remediation guidance for discovered vulnerabilities.
● Experience developing actionable intelligence based on open source intelligence (OSINT) gathering.
● Experience with one or more scripting languages such as Bash, Python, Perl, PowerShell, etc.
● Solid understanding of OWASP testing methodology.
● Familiarity with front-end web application frameworks (e.g. AngularJS, Bootstrap, etc.).
● Capable of working effectively and efficiently with minimal supervision.

Preferences:

● Strong knowledge of web application development or source code review experience.
● Strong knowledge of Windows and Linux operating systems.
● Working knowledge of containerized applications and container-based security controls and configurations.

Employment Type

  • Full Time
