Collaborate seamlessly with software development, system engineering, and security architect peers to fortify application security and ensure robust implementation of security controls.
Pioneer innovative application security testing methods and support team efforts in automating security test cases for maximum effectiveness.
Act as the Subject Matter Expert (SME) in web application security, providing invaluable insights during the application development phase.
Offer expert guidance, conduct comprehensive testing, and provide recommendations to ensure secure application releases. This includes configuring, executing, and monitoring automated security testing tools.
Conduct meticulous manual validation of vulnerabilities and perform penetration testing across Web applications, Mobile applications, Thick clients, and APIs.
Document exploit chains and create proof of concept scenarios for internal client consumption.
Require skills:
A degree or certificate in management information systems, cyber security, mathematics, computer science, or a related field; or 7+ years of relevant information security experience.
Hands-on experience in manually testing web applications, APIs, and mobile platforms for security vulnerabilities.
Familiarity with best practices in vulnerability assessment, remediation, and penetration testing.
Proficiency in tools like Burp Suite and its extensions for penetration testing, along with development experience and a working knowledge of Java.
Exceptional analytical and debugging skills, paired with excellent communication abilities.
OPTIONAL:
Security-related certifications such as CISSP, GPEN, GWAPT, GCEH, OSCE, or OSCP.
Experience with Linux operating systems, Mobile application programming, Web application technologies, Source code analysis software, Cloud Security (Azure/AWS Security Controls), and Scripting languages (preferably Python).