· Vulnerability assessment and penetration testing on web applications and web services on your own
· Complete manual-focused web application vulnerability assessments
· Understand how to identify, exploit, and remediate common application vulnerabilities through tools and code review.
· Report all detected vulnerabilities in Spara’s report template based on OWASP WSTG.
· Seek opportunities to develop more complex scripts to automate checks and create custom tools.
· Clearly explain security vulnerabilities, highlighting remediation solutions and prioritizing the vulnerabilities and bugs we find to both technical and non-technical audiences.
Required Skills:
· 4+ years of relevant experience in penetration testing (at least 20 web app penetration tests on your own)
· Experience in penetration testing of financial apps like IPGs, Internet Banking, e-wallets, and Payment apps
· Have a keen eye toward business logic attacks.
· Ability to work in project teams by communicating with internal and external PMs and completing engagement within a given deadline
· Knowledge of API technologies, how to fuzz inputs, and industry-standard practices for securing API technologies
· Have a high-level understanding of web protocols, such as HTTP/HTTPS
· Complete coverage on OWASP WSTG
· Manual testing using Burp Suite
· Understanding of secure software development life cycle (SSDLC)
· Web development background with expertise in security tools
· Java / JavaScript development background
· Excellent written and verbal communication skills
· Good understanding of Web Application Firewalls and bypass techniques
· Good knowledge of recon techniques
Bonus Points (not required) if you have:
· A BS or MS college certification from top universities.
· Mobile device and application testing experience
· Bug bounty or Capture-The-Flag (CTF) experience and rankings/reputation
· Full English Proficiency
· Familiarity with Cloud Platforms
· Strong familiarity with Node.js, PHP, Python, and Java
· Experience in Burp Suite extension development
About the Company
Spara Security Company, a member of the Fanap group of companies, is an independent business focused on security. With the aim of detecting cyber attacks and intrusions in the shortest possible time and raising the security level of organizations, and together with a group of the country's best cybersecurity specialists, it operates in all information domains, including infrastructure, production, and operations.
Trust is the core element of our work and relationships at Spara,