Senior Web Application - Penetration Tester
Posted on Nov 21, 2022 by Nexere Consulting Limited
My client is currently seeking a Senior Engineer - Web Application Penetration Tester to join our Cyber Security team, based in the US. The ideal candidate will possess a deep understanding of, and extensive experience with, attack surfaces in modern compiled applications and operating systems.
Have a passion for breaking into websites and a keen interest in information security.
Have a strong understanding of how web applications, both server-side and single-page applications, function when hosted in the cloud.
Have a keen eye towards business logic attacks.
Ability to perform web, mobile and API penetration testing.
Intricate know-how of the Burp Suite Pro security tool.
Prior corporate experience of penetration testing web applications is required, including in PCI environments.
Deep understanding of OWASP top ten vulnerabilities.
You follow the bug bounty community closely to understand the latest hacking techniques.
Familiarity with manual code review techniques.
Strong plus: familiarity with the NodeJS, C#, PHP, Python and Java languages.
Familiarity with AWS and Azure cloud.
At least a Bachelor's degree in computer science, software engineering or equivalent experience.
At least 5 to 7 years of penetration testing experience (web, mobile, API).
Intricate know-how of the Burp Suite Pro security tool and other pen testing tools.
Ability to clearly state defensive techniques for discovered vulnerabilities.
Ability to communicate clearly how to remediate an issue.
Knowledge of how to write formal penetration reports and convey impact to business leaders.
Strong plus: familiarity with the NodeJS, C#, PHP and Java languages.
Strong plus: familiarity with the Swift, Objective-C and Kotlin languages (for mobile testing).
Expected to have some level of Python coding skills.
Understanding of AWS IAM and AWS services is required. Other cloud platforms are a plus.
Familiar with DNS enumeration and supporting tools such as OWASP Amass, Recon-ng, etc.
Experience with Gobuster, web fuzzing tools, nmap, password guessing/cracking and other common security tools.
Command-line skills, including writing Bash and PowerShell scripts, and the ability to parse data from the output of tools and logs.
Some network penetration testing required.
Attend security conferences and CTF events regularly.