Lexicon Infotech Ltd

Web Penetration Testing Engineer

Bengaluru, KA, IN

about 1 month ago

Summary

Roles & Responsibilities

  • Perform automated testing of running applications and static code (SAST, DAST).
  • Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications.
  • Experience in one or more of the following is a plus: mobile application testing, web application pen testing, application architecture and business logic analysis.
  • Work with application tools to perform security tests: AppScan, Netsparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux.
  • Able to explain IDOR, second-order SQL injection, and CSRF: the vulnerability, its root cause, and its remediation.

Mandatory Technical & Functional Skills

  • Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, Netsparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent.
  • Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs.
  • Minimum three (3) years of working with technical and non-technical audiences in reporting results and leading remediation conversations.
  • Preferred one year of experience in development of web applications and/or APIs.
  • Should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand.
  • One or more major ethical hacking certifications are preferred but not required: GWAPT, CREST, OSCP, OSWE, OSWA.

(ref:hirist.tech)
