Description

In general, the following activities are expected to be executed by the new team member:

  • Hands-on penetration testing
  • Development of helper security verification tools
  • Performing security design reviews of web applications, network/cloud deployments
  • Security code reviews of web applications and/or web APIs
  • Writing clear vulnerability reports and providing guidance to the development teams on fixing the security issues
  • Documentation of knowledge and findings in the form of guidelines, checklists and examples to be used by development teams
  • Owning the project from beginning to end


Profile

The candidate needs to have the following qualifications:

  • Strong hands-on penetration testing skills
  • Deep knowledge of web technologies (HTML5, Java, JavaScript, Tomcat, etc.)
  • Deep knowledge of application security mechanisms such as authentication and authorization techniques, data validation, output sanitization/encoding and proper use of encryption
  • Excellent understanding of web applications, web browsers, web servers and frameworks
  • Experience with common penetration testing tools, including Burp Suite, Nessus, sqlmap, Nmap, Wireshark
  • Good knowledge of network protocols and network protection techniques (firewalls, filtering, other) and methods for bypassing them
  • Deep knowledge of web service technologies such as WebSockets, SOAP, REST, JSON, XML, etc., as well as deep knowledge of web service security schemes such as OAuth, SAML, etc.
  • Good working knowledge of at least one of these scripting languages or frameworks: Python, Ruby, NodeJS, PHP
  • Working knowledge of basic cryptographic principles: symmetric/asymmetric encryption, PKI, etc.
  • Experience with fuzzing and security code review
  • Knowledge of multiple RDBMS systems: MySQL, PostgreSQL, Oracle, etc.
  • Excellent analytical skills and ability to think out of the box
  • Experience with both Linux and Windows OS
  • Strong command of English
  • Good communication and writing skills


Experience in the following topics is desirable:

  • Experience with AWS (including serverless architectures), GCP, MS Azure
  • Mobile application security

Education

Any Graduate