Engagement Description –
We are seeking a highly skilled and experienced Penetration Tester to join our team. Our goal is to stand up a formal process to periodically scan, detect, prioritize, and report on the security posture and health of publicly accessible web applications and websites, by checking for known vulnerabilities and weak configurations. The ideal candidate will have a strong background in cyber security, with expertise in performing penetration testing and vulnerability assessments. As a Penetration Tester, you will play a crucial role in establishing a cycle of scanning, reporting, and remediation to include application and website stakeholders as part of our regularly scheduled Threat and Vulnerability Management process.
Top 3 Required Skills/Experience –
• Enterprise application penetration testing, with a strong understanding of OWASP Top 10 and CWE Top 25 vulnerabilities (e.g., XXE, XSS, SQLi).
• Manual penetration testing of Network & Web applications, and Web Services penetration testing (RESTful and SOAP).
• Familiarity with Web Authentication protocols (e.g., OAuth2, SAML, LDAP).
• Familiarity with Tenable Web Application Module, Acunetix and Synopsys.
Required Skills/Experience –
• 3-5 years of experience in Penetration Testing, with a focus on dynamic web applications.
• Experience in development and/or code auditing is strongly preferred.
• Hands-on experience manually testing web applications and APIs, with a background in web application development and code auditing.
• Proficiency in AWS, Cloud Audit, Serverless, Microservice Architecture, and scripting languages (e.g. Java).
• Working knowledge of basic networking concepts, application architecture, and AWS services.
• Excellent verbal and written communication skills.
• Ability to exploit recognized vulnerabilities and discover new vulnerabilities.
• Hands-on experience with both white box and black box testing.
• CEH, OSCP or any security vendor certification would be preferred.
Preferred Skills/Experience –
• Experience in testing business critical environments.
• Real-time traffic analysis, network IDS and packet dissection.
• Solid understanding of information security and applied cryptographic protocols.
• Good knowledge of security technologies for secure software development, such as cryptography, authentication techniques and protocols.
• Good understanding of tools and technologies for performing penetration testing.
Education/Certifications –
• Preferred, but not required:
o CISSP
o CEH (Certified Ethical Hacker)
Category: Analyst
Function: Information Technology
Req ID: JN -112023-120613