Job Roles and Responsibilities:
- Possesses hands-on knowledge of web application security VAPT.
- Possesses strong hands-on knowledge of security tools such as Kali, Burp Suite, ZAP proxy, OpenVAS, Nessus, etc.
- Strong knowledge of the OWASP Top 10, SANS Top 25, WASC security standards, OSSTMM, PTES, NIST standards and detailed knowledge of common web application attack vectors such as SQL injection, CSRF, XSS, session management issues, Insecure Direct Object Reference, clickjacking, buffer overflows, etc.
- Thorough understanding of common web technologies like .NET, PHP, Java, XML, SAML, SOA, SOAP, web services etc. and protocols including HTTP(S), DNS, FTP, SSH etc.
- Experience in manual application penetration testing of web-based applications, thick-client applications, mobile applications, web services, APIs, etc.
- Hands-on experience with and understanding of SAST and code review.
- Should have exposure to mobile application penetration testing on platforms like Android, iOS, etc., covering both client and server-side applications.
- Create comprehensive assessment reports with details of the vulnerabilities identified, categorization of the risks by assessment of potential impact, and detailed remediation recommendations for all the identified risks.
- Researching the latest security best practices, staying abreast of new threats and vulnerabilities and helping to disseminate this information within the group as well as the organization.
- Knowledge of cloud platforms (Azure, AWS and GCP) and experience in performing security tests against applications deployed in the cloud is an asset.
- Find cost-effective solutions to cybersecurity issues.
- Develop best practices and security standards for the organization.
- Assist fellow employees with cybersecurity and software testing best practices.
- At least 2 to 4 years of working experience in the cybersecurity domain.
- Comfortable working in a fast-paced environment.
- Industry certifications are an added advantage; at least one of the following is recommended apart from CEH: ECSA, OSCP, OSWE, GSEC, etc.
- Certifications such as CISSP, GSEC, CEH or CISM will be a plus.
- Work closely and independently with customer-centric project teams and serve as a single point of contact for all security-testing-related activities.
- Critical thinking skills and the ability to solve problems as they arise.
- Basic coding skills, such as HTML, CSS and other languages.
- Excellent written and verbal communication skills.
- Develop frameworks and methodologies to evaluate security in new and emerging technologies.