Job Description:
- Conducting penetration testing exercises on intranet, internet, and web
- Conducting simulated attacks which replicate real-world exploitation techniques/scenarios
- Analysing data related to security vulnerabilities
- Generating reports on findings, risks and recommendations
- Working closely with technology teams to develop and implement relevant solutions
- Perform system, network and web application penetration tests regularly as per the schedule and on any ad hoc request
- Perform black, gray and white-box Web Application and Web Service penetration testing.
- Designing and developing test automation scripts.
- Develop and lead the automation strategy/effort and generate scripts to perform automated testing cycles using Selenium & Appium
- Design, Execute and analyze automation test scripts & test results for Web applications, iOS, Android & Windows Phone apps
- Using test automation guidelines; Researching issues in software through testing.
- Collaborating with Software Developers to develop solutions.
- Keeping updated with the latest industry developments.
Qualifications: For this role, we're also looking for someone with the following:
- Bachelor's Degree in Information Technology, Information Security or related field required
- Relevant certifications such as OSCP (Offensive Security Certified Professional) and OSCE (Offensive Security Certified Expert)
- 4+ years of experience in penetration testing and automation
- Experience with networking, network protocols, and security infrastructures
- Familiar with penetration testing methodologies and standards (e.g. NIST, CIS, OSSTMM)
- Technical background and an understanding of the mobile apps & eco-system
- Good development/scripting skills in common WebDriver-compatible languages such as Java, Objective-C, JavaScript with Node.js, PHP, Python, Ruby, C#, or Perl, with the Selenium WebDriver API and language-specific client libraries.
- Good experience with different Mobile Operating Systems (iOS, Android, Windows Phone)
- Expertise in bypassing / breaking authentication protocols (Enumeration, Brute-force, breaking application configuration parameters, etc.)
- Expertise in web session management. Testing of web server logic and interfaces
- Expertise with Data Validation for Web Applications to test against vulnerabilities (e.g., ref. OWASP) such as XSS, injections (LDAP, SQL, HTML), overflows, etc.
- Creative thinker with an understanding of what can really work in a distributed and complex environment.
- Strong understanding of Windows and Linux environments and networking
- Ability to collaborate effectively as part of a team, as well as work independently with minimal supervision
- Ability to interact successfully with both technical and non-technical stakeholders
- Ability to handle the chaos of a fast-paced startup work culture and a willingness to take on additional tasks and support the work of other team members as necessary to achieve collective goals.
- Ability to write scripts/tools as required by the job
- Ability to work with minimal day-to-day direction and must be personally motivated to continually learn new, emerging technologies