Hiring: Application Penetration Tester
Job Description
- Performing application vulnerability and security assessments and penetration testing, and proposing remediation approaches
- Discovery of problems/identifying vulnerabilities
- Performing manual penetration tests (black-box/grey-box) on applications
- Performing dynamic and static analysis, fuzzing, and secure coding practices
- Performing assessments of Secure/Software Development Life Cycle processes
- Communicating and reporting application vulnerability and security assessments to upper management
- Providing security guidance and driving decisions in collaboration with other technical and management teams, ensuring security principles are upheld and no violations of security policy take place
- Working independently with developers, product owners, and other colleagues to ensure secure design, development, and implementation of our applications
- Identifying current and emerging technology issues, including security trends, vulnerabilities, and threats
- Hardening DBMSs, web services (IIS, Apache, etc.) and web applications
- Working hours: Saturday to Wednesday, 8:00 to 16:00.
Requirements
- Nature and length of previous experience: penetration testing with 1+ years' work experience; a web developer background is a plus
- University qualifications: BSc or MSc in Computer Engineering or Information Technology
- Information security related certifications such as Certified Ethical Hacker (CEH) and SANS SEC 542, 642, 504 are a plus.
Specialist knowledge:
- Understanding of information security concepts, standards and practices
- Familiar with network concepts including but not limited to TCP/IP protocol, subnetting, routing, access control lists, firewalls, VPN, NAT
- Strong understanding of packet analysis, including: HTTP headers & status codes, SMTP traffic & status codes, FTP traffic & status codes
- Familiar with application testing tools to perform security assessments: AppScan, Netsparker, Acunetix, BurpSuite, OWASP ZAP, or equivalent
- Familiar with at least one programming language
- Familiar with application vulnerabilities and security issues
- Understanding of threat attacks, exploitation and data exfiltration
- Familiar with REST, JSON, WebServices, SOAP, XML
- Familiar with web technologies (HTML, CSS, JavaScript)
- Basic understanding of software development concepts
- Good understanding of HTTP protocol, OAuth, SSO, JWT, HTML
- Basic understanding of JavaScript debugging
- Understanding of database systems such as Oracle, MSSQL and MySQL
Soft skills and personality traits:
- Excellent written and verbal communication skills
- Ability to clearly communicate and present technical topics
- High skill in solving problems and providing optimal solutions
- Strong organizational skills and the ability to attend to and prioritize projects
- Excellent analytical and time management skills
- Proven ability to thrive and respond to frequent demands of multiple constituents, both internal and external, in a high-demand environment
- Ability to work under pressure and in stressful scenarios
- Self-study capability and morality
- Teamwork skills
- Discipline and professional ethics
Required skills
- Software testing
- REST
- JSON
- SOAP
- Information security
- Security
Minimum work experience
- Less than three years
Gender
- No preference
Military service status
- Permanent exemption, completed service