Hiring: Senior Web App Penetration Tester

Spara
Tehran, Tehran

Job Description

What you will do:

  • Perform vulnerability assessment and penetration testing on web applications and web services on your own
  • Complete manual-focused web application vulnerability assessments
  • Understand how to identify, exploit, and remediate common application vulnerabilities through tools and code review
  • Report all detected vulnerabilities in Spara’s report template based on OWASP WSTG
  • Seek opportunities to develop more complex scripts to automate checks and create custom tools
  • Clearly explain security vulnerabilities to both technical and non-technical audiences, highlighting remediation solutions and prioritizing the vulnerabilities and bugs we find

Required Skills:

  • 4+ years of relevant experience in penetration testing (at least 20 web app penetration tests on your own)
  • Experience in penetration testing of financial apps like IPGs, Internet Banking, e-wallets, and payment apps
  • A keen eye for business logic attacks
  • Ability to work in project teams by communicating with internal and external PMs and completing engagements within a given deadline
  • Knowledge of API technologies, how to fuzz inputs, and industry-standard practices for securing API technologies
  • A high-level understanding of web protocols, such as HTTP/HTTPS
  • Complete coverage of OWASP WSTG
  • Manual testing using Burp Suite
  • Understanding of the secure software development life cycle (SSDLC)
  • Web development background with expertise in security tools
  • Java / JavaScript development background
  • Excellent written and verbal communication skills
  • Good understanding of Web Application Firewalls and bypass techniques
  • Good knowledge of recon techniques

Bonus Points (not required) if you have:

  • A BS or MS college certification from a top university
  • Mobile device and application testing experience
  • Bug bounty or Capture-The-Flag (CTF) experience and rankings/reputation
  • Full English proficiency
  • Familiarity with cloud platforms
  • Strong familiarity with the NodeJS, PHP, Python, and Java languages
  • Experience in Burp Suite extension development

Required skills

  • Web API
  • web app penetration tester
  • PHP
  • Python

Minimum work experience

  • Three to six years

Gender

  • Not important

Military service status

  • Not important

Employment type:

Full-time

Posting date:

1402/12/15 (expired)