Senior Specialist, Security Assessment and Penetration Testing of Web Applications and Web Services

Rahkar Hooshmand Amn (Spara), Tehran

Posted more than a month ago

Job Description

● Perform vulnerability assessments and penetration tests on web applications and web services on your own.
● Complete manual, focused web application vulnerability assessments.
● Report all detected vulnerabilities in Spara’s report template, based on OWASP WSTG.
● Seek opportunities to develop more complex scripts to automate checks and create custom tools.
● Clearly explain security vulnerabilities to both technical and non-technical audiences, highlighting remediation solutions and prioritizing the vulnerabilities and bugs we find.

Requirements

● More than four years of relevant experience in penetration testing (at least 20 web app penetration tests performed on your own).
● Experience in penetration testing of financial apps such as IPGs, internet banking, e-wallets, and payment apps.
● A keen eye for business logic attacks.
● Ability to work in project teams by communicating with internal and external PMs and completing engagements within a given deadline.
● Knowledge of API technologies, how to fuzz inputs, and industry-standard practices for securing API technologies.
● A high-level understanding of web protocols, such as HTTP/HTTPS.
● Complete coverage of OWASP WSTG.
● Manual testing using Burp Suite.
● Understanding of the Secure Software Development Life Cycle (SSDLC).
● Web development background with expertise in security tools.
● Java or JavaScript development background.
● Excellent written and verbal communication skills.
● Good understanding of Web Application Firewalls and bypass techniques.
● Good knowledge of recon techniques.

Bonus Points (not required) if you have:

● Bachelor's or Master's degree from top universities.
● Mobile device and application testing experience.
● Bug bounty or Capture-The-Flag (CTF) experience and rankings/reputation.
● Full English proficiency.
● Familiarity with cloud platforms.
● Strong familiarity with the NodeJS, PHP, Python, and Java languages.
● Experience in Burp Suite extension development.

Employment Type

  • Full Time
