Senior Engineer - Security Testing

RESPONSIBILITIES

• 
  

  Perform penetration testing and vulnerability assessments on web, API, and mobile applications to identify security weaknesses

• 
  

  Create new testing methods to identify vulnerabilities.

• 
  

  Pinpoint methods and entry points that attackers may use to exploit vulnerabilities or weaknesses.

• 
  

  Search for weaknesses in common software, web applications, and proprietary systems.

• 
  

  Document and communicate findings as per ASVS checklist, risks, and recommendations in detailed reports for technical and non-technical stakeholders

• 
  

  Review and provide feedback for information security fixes.

• 
  

  Establish improvements for existing security services, including hardware, software, policies, and procedures.

• 
  

  Identify areas where improvement is needed in security education and awareness for users.

• 
  

  Be sensitive to corporate considerations when performing testing (i.e. minimize downtime and loss of employee productivity).

• 
  

  Stay updated on emerging threats, security trends, and best practices in cybersecurity to improve testing methodologies

REQUIRED

• 
  

  3-6 years of Security Vulnerable, Exploitation, and Penetration testing experience.

• 
  

  Experience with OWASP testing Guide / Open-Source Security Testing Methodology Manual

• 
  

  Experience deploying enterprise security testing solutions.

• 
  

  Familiarity with Secure Development Lifecycle practices and Agile development with Continuous Delivery / Integration.

• 
  

  Advanced understanding of security concepts and security best practices

• 
  

  Understanding and familiarity with common code review methods and standards

• 
  

  Experience with performing penetration testing and risk assessments against computer networks

• 
  

  Background with Qualys, Tenable, and OpenVAS Vulnerability Scanners

• 
  

  Ability to think analytically.

• 
  

  Knowledge of technical systems and terminology.

• 
  

  Proficiency in scripting languages.

• 
  

  Ability to identify and exploit vulnerabilities.

GOOD TO HAVE

• 
  

  Relevant industry certifications like CEH, GPEN, OSCP, OSCE, CRTO, CRTP, PNPT, and experience working with frameworks like MITRE ATT&CK/D3FEND) and security-related legal and regulatory requirements (ISO 27001, NIST, PCIDSS etc.).

• 
  

  Strong problem-solving skills and leadership abilities, with good interpersonal skills to build relationships and communicate findings professionally, with fluency in written and spoken English.