0.0 years
0 Lacs
india
On-site
About the Role
Join us in building an autonomous penetration testing platform that simulates real-world adversaries. You'll develop exploit chains, 0-day discovery systems, and evasive payloads that help organizations understand their security posture for cyber insurance and compliance.

What You'll Build
- Exploit Automation: Multi-stage attack chains from initial access to data exfiltration
- 0-Day Discovery: Intelligent fuzzing infrastructure and vulnerability research systems
- Evasion Techniques: Polymorphic payloads that bypass modern EDR/AV solutions
- Cloud Attacks: AWS/Azure/GCP exploitation modules and container escapes
- Custom C2: Covert communication channels and post-exploitation frameworks
- Reporting Engine: Auto-generate compliance-ready pentest reports

Technical Skills Required
- Languages: Python (expert), C/C++, Go/Rust, Assembly basics
- Web Exploitation: OWASP Top 10 (SQLi, XSS, SSRF, Deserialization, SSTI)
- Binary Exploitation: Buffer overflows, ROP chains, heap exploitation
- Tools: Metasploit, Burp Suite, Cobalt Strike, IDA/Ghidra
- Cloud Security: AWS/Azure misconfigs, Docker/K8s attacks
- Evasion: AV bypass, sandbox detection, AMSI/ETW patching

Must-Have Credentials
- HackTheBox: Minimum Pro Hacker rank (50+ owns) - include profile link
- CTF Experience: Active participation (picoCTF, DEF CON quals, GoogleCTF)
- GitHub Portfolio: Security tools, exploit development, CTF writeups
- Proven Skills: CVEs, bug bounties, or published exploits are a huge plus

Preferred Qualifications
- TryHackMe Top 5% or PortSwigger Academy completion
- OSCP/OSWE in progress or completed
- pwnable.kr, ROP Emporium, or Nightmare challenges
- Personal security research blog or YouTube channel
- Contributed to open-source security tools

Interview Process
- Portfolio Review: GitHub + HackTheBox profile assessment
- Take-Home Challenge: Design an attack chain for given scenario assignment

Red Flags We Avoid
- Only used automated scanners
- Can't code beyond basic scripts
- No hands-on exploitation experience
- Ethical flexibility

Green Flags We Love
- Built your own tools
- Linux nut
- Discovered real vulnerabilities
- Active security community contributor

Why This Role
This isn't a typical security internship running Nessus scans. You'll build the platform that makes traditional pentesting obsolete. Your code will simulate real attackers, helping protect thousands of organizations. We need someone who sees a login page and thinks "SQLi, NoSQLi, LDAP injection, or mass assignment". Someone who gets excited about bypassing protections, not just finding vulns.
Posted 2 days ago
7.0 - 11.0 years
0 Lacs
noida, uttar pradesh
On-site
As a Red Teaming & Web Application Security Specialist at Hitachi Digital, your primary responsibility will be conducting advanced offensive security assessments to identify vulnerabilities across applications, infrastructure, and processes. In this role, you will combine adversary simulation exercises (Red Team) with deep web application penetration testing to proactively uncover and address security weaknesses before they can be exploited by malicious actors.

Key Responsibilities:
- Red Teaming & Adversary Simulation: You will plan, execute, and document red team engagements that simulate realistic cyberattacks against the organization's systems, applications, and users. This will involve emulating threat actors' tactics, techniques, and procedures based on frameworks like MITRE ATT&CK. You may also need to conduct physical security assessments, social engineering campaigns (such as phishing and vishing), and insider threat simulations as required. Additionally, collaborating with the Blue Team to validate detection and response capabilities and providing actionable improvement plans will be part of your responsibilities.
- Web Application Security: Your role will also include performing manual and automated web application penetration testing using tools like Burp Suite, OWASP ZAP, and custom scripts. You will be expected to identify, validate, and exploit vulnerabilities such as injection flaws, authentication bypass, XSS, CSRF, SSRF, and insecure deserialization. Working closely with development teams to remediate findings and ensure secure coding practices will be essential. Furthermore, conducting source code reviews to detect and eliminate security flaws will fall under your purview.
- Security Research & Tool Development: You will be tasked with developing and maintaining custom tools, scripts, and exploits to enhance testing capabilities. Staying current with emerging attack vectors, zero-days, and security trends, as well as performing threat modeling and providing secure architecture recommendations, will be crucial aspects of your role.

If you have a minimum of 7 years of experience in web security and red teaming, possess a passion for cybersecurity, and are eager to work with a top-tier SOC team, we invite you to join us at Hitachi Digital. Our team values diversity, equity, and inclusion, and we are committed to creating a culture where diverse perspectives and unique experiences are celebrated. At Hitachi Digital, you'll have access to industry-leading benefits, support for your holistic health and well-being, and flexible work arrangements designed to help you achieve a sense of balance and fulfillment in both your personal and professional life.
Posted 3 weeks ago
3.0 - 8.0 years
20 - 30 Lacs
Pune, Bengaluru
Work from Office
Role & responsibilities
- Perform automated testing of running applications and static code (SAST, DAST).
- Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications.
- Experience in one or more of the following a plus: mobile application testing, web application pen testing, application architecture and business logic analysis.
- Need to work on application tools to perform security tests: AppScan, Netsparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux.
- Able to explain IDOR, Second Order SQL Injection, CSRF Vulnerability, Root cause, Remediation.
- Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, Netsparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent.
- Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs.
- Minimum three (3) years of working with technical and non-technical audiences in reporting results and leading remediation conversations.
- Preferred: one year of experience in development of web applications and/or APIs.
- Should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand.
- One or more major ethical hacking certifications not required but preferred: GWAPT, CREST, OSCP, OSWE, OSWA.
Posted 2 months ago