Must have Skills : Security Assessment, Penetration Testing, Vulnerability Scanning, Security Testing
Job Description :
Looking for a security professional who is good at performing security testing of Applications, & Cloud Environments and articulate the findings in an easily consumable manner to the various internal stakeholders. Capability to think Out-of-the-Box and come up with attack vectors for the target components would be required for this role.
Experience and Qualifications:
- Should have 3-6 year of experience in application security testing of web & mobile applications (android + iOS), API and infrastructure (cloud +network + server)
- Through knowledge of the OWASP framework and testing guide.
- Hands-on knowledge of Pen testing, red team exercise, and bug hunting.
- Hands-on knowledge of DAST/SAST/IAST solutions.
- Knowledge on scripting (e.g. in python, PowerShell, JavaScript) to write automation scripts & PoCs.
- Knowledge on SSO and OAuth 2.0 flows would be required
- Bachelor degree. - Preferably in the field of Computer Science/ Computer Application/ Information & Technology/ Electronic & Communication Engineering.
- Security certifications i.e. OSCP, OSWE, CCSP are a plus.
- Experience in bug bounty hunting with well-known bug bounty platforms /vulnerability disclosure programs are a plus.
- Should be good at performing Security Testing of the following: - Web Application - API - Mobile applications (android + iOS) - Infrastructure (Server + network) - AWS, Azure and GCP environments
- Pen Testing and Red team exercises against assigned target scope.
- Write automation & PoC scripts from time to time.
- Should be able to perform assessment to detect open-shares and non-compliant AD accounts
- Pentest Identity Provider (IdP) integrated applications with SSO and OAuth.
- Should be well versed with the following tools: - Burp Suite - Postman - VirtualBox - Kali Linux - Metasploit - Android Studio (AVD) - Scripting - Tenable - AWS, Azure and GCP - DAST and SAST solutions
