کارشناس تست نفوذ

خدمات انفورماتیک نوین کیش

منتشر شده 4 سال پیش

سمت شغلی

شرکت

حقوق

آمار رزومه‌های ارسال شده

Job Description

- Candidate must have a strong understanding of Application and network security concepts. - Uses security products and systems to detect security weaknesses, and have technical experience with Network and Web application security. - Experience in source code security reviews - Experience in Malware Analysis and reverse engineering Responsible for: - Perform research activities to investigate vulnerabilities and technologies which may impact the product suite - Penetration Testing of Web Application and Mobile Applications - Experience in programming: able to code and use scripting languages (Python, Perl, etc.), an asset - Experience with penetration testing against internal and external facing corporate infrastructures - Responsible for identifying code vulnerabilities - Responsible for interpreting code review results and recommending corrective action - Dissect exploits, attacker tools and malware in support of incident responders, and will also help develop innovative tools to assist responders and automate malware analysis - Analyze and evaluate complex code and malicious binaries through the use of security and forensic tools and reverse engineering

Requirements

- At least three (3) years working on vulnerability assessment and/or penetration test - Software development, code review, static analysis experience highly desired - Application and/or infrastructure penetration testing experience above and beyond running automated tools - A good understanding of Linux, Windows and network security skills - Fundamental understanding of “coding languages” – C++, C#, PHP, AJAX, HTML, etc. - Development and/or source code review experience in C/C++, C#, VB.NET, ASP, PHP, or Java and/or Fortify, Veracode, Brakeman and/or IDA Pro or ollydbg - Experience with physical security testing, phishing, and social engineering techniques. - Experience with mobile applications such as Android Debug Bridge (ADS), OWASP ZAP, Drozer, Mobile Security Framework (MobSF), Smartphone Pentest Framework (SPF), Burp Suite, Android SDK, Cydia and/or IDB

Employment Type