امکان جدید:
همین حالا رزومه خود را در کمتر از ۱۰ دقیقه بسازید،
برو به رزومهساز
:fill(transparent):format(png)/https://mstorage2.jobinjacdn.com/other/files/uploads/images/4024f380-3a66-11e9-891a-d6b790452c1a_0d2a2dec-2045-43d5-b74d-fe97fc7ca58b/main.png)
اسنپ | Snapp
استخدام Penetration Testing Engineer
-
دستهبندی شغلی
-
موقعیت مکانی
-
نوع همکاری
-
حداقل سابقه کار
-
حقوق
شرح موقعیت شغلی
About Snapp
Snapp is the pioneer provider of ride-hailing mobile solutions in Iran that connects smartphone owners in need of a ride to Snapp drivers who use their private cars to offer transportation services. We are ambitious, passionate, engaged, and excited about pushing the boundaries of the transportation industry to new frontiers and being the first choice of each user in Iran.
Snapp is the pioneer provider of ride-hailing mobile solutions in Iran that connects smartphone owners in need of a ride to Snapp drivers who use their private cars to offer transportation services. We are ambitious, passionate, engaged, and excited about pushing the boundaries of the transportation industry to new frontiers and being the first choice of each user in Iran.
Responsibilities
- Conduct formal both automated and manual penetration tests using approved standard methodologies to identify and exploit vulnerabilities in networks, systems, and applications owned by Legal Technology.
- Assess security controls for large enterprise systems and applications, and hosting infrastructure.
- Evaluate configurations and implementations of firewalls, proxy servers, routers, Virtual Private Networks (VPNs), IDS / IPS, wireless networks, etc. against legal requirements, the organization’s local policy, and industry best practices.
- Conduct security system engineering based on industry best practices and common frameworks.
- Document technical and logical security findings identified during the security assessments, and report them in a timely manner.
- Provide consultative support with the implementation of remediation steps, standards, and best practices.
- Advise on methods to fix or lower security risks to systems.
- Operate a hands-on role involving penetration testing and vulnerability assessment activities of complex applications, operating systems, wired and wireless networks, and mobile applications/devices.
- Develop and maintain security testing plans.
- Develop meaningful metrics to reflect the true posture of the environment allowing the organization to make educated decisions based on risk.
- Produce actionable, threat-based, reports on security testing results.
- Act as a source of direction, training, and guidance for less experienced staff.
- Mentor and coach other IT security staff to provide guidance and expertise in their growth.
- Consult with application developers, systems administrators, and management to demonstrate security testing results, explain the threat presented by the results, and consult on remediation.
- Communicate security issues to a wide variety of internal and external “customers” including technical teams, executives, risk groups, vendors, and regulators.
- Deliver the periodical penetration testing schedule and conduct awareness campaigns to ensure proper budgeting by business lines for annual tests.
- Foster and maintain relationships with key stakeholders and business partners.
Job Requirements
- Experience with API testing and Mobile Application testing
- Hands-on experience with two or more scripting languages such as Python, Powershell, Bash, or Ruby.
- Familiarity with penetration testing tools and tool suites such as Burp Suite, OWASP ZAP, Kali Linux, etc.
- Proficiency or experience in any one of the following tools would be an added advantage including Zed Attack Proxy, Micro Focus, Kiuwan, QARK, Android Debug Bridge, CodifiedSecurity, Drozer, and WhiteHat Security.
- Ability to demonstrate a clear understanding of the following vulnerabilities including SQL Injections, Cross Site Scripting (XSS), Broken Authentication & Session Management, Insecure Direct Object References, Security Misconfiguration, Cross-Site Request Forgery (CSRF), and Participate in code audit/review.
- An aptitude for technical writing, including assessment reports and presentations.
- Strong understanding of penetration testing frameworks.
- Advanced knowledge of mobile application testing techniques, software, protocols, and the ability to bypass common mobile application security controls.
- Understanding of offensive security, including offensive evasion techniques.
- General knowledge of web applications, databases, mobile, and cloud applications.
- Strong knowledge of Open Web Application Security Project (OWASP) (WEB and Mobile).
- Ability to think outside the box and emulate adversarial approaches.
Preferred Qualifications:
- 3+ years of operational experience in Information Technology & Information Security.
- Good written and verbal communication skills in English
- University Degree in Computer Science, Computer Engineering, or other relevant fields.
- Certifications such as CEH, Security+, ISO 27K, and SANS would be considered an asset.
- Good interpersonal communication and presentation skills.
- Ability to be a team player.
- Ability to work effectively in multiple cultures and at a range of levels.
- Ability to constantly build up a skill set using a mix of self-motivated and course-based learning environments.
- Ability to work independently, and proactively to see the big picture and work through solutions as needed.
- Good knowledge of Windows, Linux, databases (MySQL, no-SQL), anti-malware, IDS, and other security technologies.
- Basic understanding of virtualization and software-defined data center concepts.
- Knowledge of OSI reference model and networking fundamentals (switching, routing, load-balancing, firewalling).
- Understanding of commonly used Internet protocols such as SMTP, HTTP, and DNS.
- A basic understanding of cryptographic functionality within such protocols would be of advantage.
- Familiar with Security Regulations and Standards.
معرفی شرکت
اسنپ محصولی ایرانی است که از تیمی خلاق، جوان و تحصیلکرده قدرت میگیرد و در تلاش است تا صنعت فناوری اطلاعات و ارتباطات را به زندگی روزمره جامعه پیوند بزند.
اهداف بزرگی در سر داریم و بلند پروازیم. قصد داریم اسنپ را به بهترین راهکار برای سفرهای درونشهری ایران تبدیل کنیم و در این راه به کمک افراد خلاق، سختکوش و بلندپرواز احتیاج داریم. اگر چنین خصوصیاتی دارید خوشحال میشویم که رزومه خود را برایمان ارسال کنید.
اهداف بزرگی در سر داریم و بلند پروازیم. قصد داریم اسنپ را به بهترین راهکار برای سفرهای درونشهری ایران تبدیل کنیم و در این راه به کمک افراد خلاق، سختکوش و بلندپرواز احتیاج داریم. اگر چنین خصوصیاتی دارید خوشحال میشویم که رزومه خود را برایمان ارسال کنید.
-
زبانهای مورد نیاز
-
مهارتهای مورد نیاز
-
جنسیت
-
وضعیت نظام وظیفه
-
حداقل مدرک تحصیلی
این آگهی منقضی
شده است
مشاغل مشابه
-
:fill(transparent):format(png)/https://mstorage2.jobinjacdn.com/other/files/uploads/images/565fa77a-402f-11e9-8dcd-d6b790452c1a_82a398f7-230f-438c-b693-ae25eab21e51/main.png)
برنامهنویس (PHP (Laravel (۳ روز پیش)
-
:fill(transparent):format(png)/https://mstorage2.jobinjacdn.com/other/files/uploads/images/1da97ed5-3fa5-4087-ab27-9e456bf2dcc6/main.png)
(Software Testing Engineer (QC (۱۲ روز پیش)
-
:fill(white):format(jpeg)/https://mstorage2.jobinjacdn.com/other/files/uploads/images/8a08964f-322f-41c8-8e40-010c32d37236/main.jpg)
QA) Software Testing Engineer) (۱۹ روز پیش)
-
:fill(white):format(jpeg)/https://mstorage2.jobinjacdn.com/other/files/uploads/images/a3addd81-f98e-4b46-a55b-3239258f7891/main.jpg)
کارشناس تست نفوذ (۵۵ روز پیش)
-
:fill(transparent):format(png)/https://mstorage2.jobinjacdn.com/other/files/uploads/images/89918548-c8ca-479e-94c8-5bc657e2eebd/main.png)
Software Engineer (۳ روز پیش)
-
:fill(transparent):format(png)/https://mstorage2.jobinjacdn.com/other/files/uploads/images/0d2f67dc-0a2c-11e8-aaa9-06a874001fea_9c28b5f8-6ed1-4432-8288-22c5c1eeffc5/main.png)
TechOps Engineer (۹ روز پیش)
چه موردی را میخواهید گزارش کنید؟
از اینجا شروع کنید
این آگهی منقضی شده است