Role: Application Security/Penetration Tester
Experience: 6 to 10 years
Domain: Retail
Job Description:
- Conduct threat modeling and security architecture reviews of the full stack, including applications built on cloud and emerging technologies.
- Conduct manual application security testing and source code auditing for a variety of technologies.
- Provide clear and detailed risk assessment and remediation guidelines for developers and business owners.
- Write and present security training to developers.
- Conduct penetration testing targeting critical Apple data, services, and environments.
- Conduct security research on the latest best practices, trends, threats and vulnerabilities, and technology frameworks.
- Document and disseminate security guidelines for common security issues, remediation guidance, and security technology baselines.
- Develop tools and exploits to support application security review and/or penetration testing.
Key Skills:
- Manual Web application testing experience.
- Penetration testing experience.
- Source code auditing experience (primarily Java).
- Experience with a scripting language (e.g. Perl, Python, PHP, Ruby).
- Knowledge of core networking concepts (routing, ACL, load balancers, SSL/TLS, TCP).
- Strong verbal & written communication skills.
- Passion for discovering and researching new vulnerabilities and exploitation techniques.
- Experience in Threat Modelling.
- Solid understanding of Cryptography.
- Proficiency in either Mac OS X or other flavors of UNIX.