Perform threat modeling to identify all possible attack vectors
Conduct vulnerability assessment and penetration testing against a wide array of technologies and platforms, including network, infrastructure, web applications, mobile apps (iOS and Android), and APIs
Select the appropriate technical tests, network or vulnerability scan tools and/or pen testing tools based on review of requirements and purpose
Conduct relevant research, data analysis, and create reports
Contribute to predictive analysis of malicious activity
Understand, review, and interpret vulnerability assessment and scanning results, reduce false positive findings, and act as security advisor to business unit partners
Track publicly and privately released vulnerabilities and assist in the triage process
Perform black box and gray box testing, source code analysis, manual pen testing, and vulnerability assessments
Perform hands on technical validation of vulnerability to determine risk to different configurations and priorities for remediation
Communicate current cybersecurity threats and educate stakeholders on risks and recommendations
Simulate cyberattacks to identify vulnerabilities
Participate in team problem solving efforts and offer ideas to solve the issues
Work with external pen testers to continually improve security on the platform
Responsible for writing and reviewing formal penetration test reports documenting the details of a penetration test and all vulnerabilities, potential issues, and strengths found during the test
General qualifications
3+ years of operational experience in Information Technology & Information Security.
Good written and verbal communication skills in English
University Degree in Computer Science, Computer Engineering or other relevant field.
Certifications such as CEH, Security+, ISO 27K, SANS would be considered as an asset.
Good interpersonal communication and presentation skills.
Ability to be a team player.
Ability to work effectively in multiple cultures and at a range of levels.
Ability to constantly build up skillset using a mix of self-motivated and course based learning environment.
Ability to work independently, proactively to see the big picture and work through solutions as needed.
Good knowledge of Windows, Linux, databases (MySQL, NoSQL), antimalware, IDS and other security technologies.
Basic understanding of virtualization and software-defined data center concepts.
Knowledge of OSI reference model and networking fundamentals (switching, routing, load-balancing, firewalling).
Understanding of commonly used Internet protocols such as SMTP, HTTP, and DNS.
Basic understanding of cryptographic functionality within such protocols would be of advantage.
Familiar with Security Regulations and Standards.
Technical qualifications
Experience with API testing and Mobile Application testing
Hands-on experience with two or more scripting languages such as Python, PowerShell, Bash, or Ruby
Familiarity with penetration testing tools and tool suites such as Burp Suite, OWASP ZAP, Kali Linux, etc
Proficiency or experience in any one of the following tools would be an added advantage: Zed Attack Proxy, Micro Focus, Kiuwan, QARK, Android Debug Bridge, CodifiedSecurity, Drozer, WhiteHat Security
Ability to demonstrate clear understanding of the following vulnerabilities: SQL Injection, Cross-Site Scripting (XSS), Broken Authentication & Session Management, Insecure Direct Object References, Security Misconfiguration, Cross-Site Request Forgery (CSRF)
Participate in code audit/review
An aptitude for technical writing, including assessment reports and presentations
Strong understanding of penetration testing frameworks
Advanced knowledge of mobile application testing techniques, software protocols and the ability to bypass common mobile application security controls
Understanding of offensive security, including offensive evasion techniques
General knowledge of web applications, databases, mobile, and cloud applications
Strong knowledge of Open Web Application Security Project (OWASP) (WEB and Mobile)
Ability to think outside the box and emulate adversarial approaches
About the company
Snapp is an Iranian product that draws its strength from a creative, young, and educated team and strives to connect the information and communication technology industry to the everyday life of society.
We have big goals and we are ambitious. We intend to make Snapp the best solution for intra-city travel in Iran, and along the way we need the help of creative, hard-working, and ambitious people. If you have these qualities, we would be glad to receive your résumé.
Required skills
Linux, Databases, MySQL, NoSQL
Gender
Not important
Military service status
Educational exemption, Permanent exemption, Service completed
Related fields of study
ICT (Information and Communication Technology)
IT (Information Technology)
Computer
Computer Software Technology Engineering
Computer Engineering