Penetration Tester - Appsec

Job Overview:

Application Security Engineer

Key Responsibilities:

• Conduct security assessments for both web and mobile applications.

• Perform vulnerability assessments and penetration tests using tools such as Burp Suite Pro, AppScan, Veracode, Fortify, WebInspect, Acunetix, etc.

• Leverage mobile application testing tools like Drozer, Xposed, MobSF, SSLTrustKiller, Frida, apktool, dex2jar, jadx, and IDA for iOS and Android applications.

• Conduct thorough testing of APIs to identify security flaws.

• Utilize OWASP and SANS standards to guide security practices.

• Stay up to date with the latest security testing tools, techniques, and ethical hacking methodologies.

• Compile and present risk-based findings to stakeholders, providing detailed reports and suggesting appropriate mitigations.

• Provide expertise on penetration testing methodologies, including black box, grey box, and white box testing.

• Demonstrate proficiency with common penetration testing tools such as nmap, Wireshark, Kali Linux, Metasploit, OpenVAS, OWSAP ZAP, Accunetix, Nikto, Nessus, and sqlmap.

• Assist development teams with implementing penetration tests as part of the Secure Software Development Life Cycle (Secure SDLC).

• Create and refine security checklists tailored to organizational needs.

• Ensure continuous security improvement by making suggestions for system and process enhancements.

• Experience working with SaaS, IaaS, and PaaS environments, helping integrate and optimize security technologies and processes.

Skills and Qualifications:

• Proficiency with OWASP Top 10 and SANS security standards.

• Strong experience in using security assessment tools, including both static (SAST) and dynamic (DAST) application security testing tools.

• Hands-on experience with mobile application security testing and mobile-specific vulnerabilities. • Proficient with web technologies such as J2EE, XML, JSON, SOAP, REST, and AJAX.

• Basic programming knowledge in Java, JavaScript, and SQL.

• Familiarity with encryption, authentication, and authorization techniques for secure software development.

• Experience in automating security testing using scripting languages like Python, Bash, or Java.

• Knowledge of network security and vulnerability assessment practices.

• Experience in Secure Code Review and identifying vulnerabilities in the source code.

• Strong understanding of various security techniques and risk assessment processes.

Certifications:

• Certified Ethical Hacker (CEH) or equivalent certifications related to application security.

Desired Competencies:

• OWASP, Burp Suite, Web Application Security, Acunetix, Vulnerability Assessment, Network Security, Mobile Application Security.

• Proficient in Secure Code Review, Python, Bash, Java, and Automation scripting.