REQUIREMENTS *Solid experience with Application Penetration Testing • Well-versed in threat modeling concepts including tooling associated with it • Able to communicate vulnerabilities in terms of risk and potential mitigations. • Firm understanding of DevSecOps / Pipeline scanning technologies. • Need to have hands-on manual web/application/api penetration testing • In depth understanding of all OWASP Top 10 vulnerabilities and associated OWASP Web Security Testing Guide WHAT THEY DON'T WANT 1. DevSecOps security scanning tools with some knowledge on manual testing techniques (not what we need). 2. Hands on experience network penetration testing with very limited app testing (not what we need). JOB DESCRIPTION Day to day: * Conduct assessments of web applications, mobile applications, databases, client-side applications and tools, and APIs. * Execute manual and automated code analysis to assess the quality and security of source code. * Perform pre-assessment research and preparation including reconnaissance, documentation and configuration review, and customer interviews. * Develop custom tools and exploits. * Analyze security findings, including risk analysis and root cause analysis. * Generate comprehensive reports, including detailed findings, exploitation procedures, and mitigations. * Develop and deliver walkthrough(s), proof(s) of concept (PoCs), articles, and formal presentations. * Execute verification and validation testing for customer mitigations and fixes
ANY GRADUATE