Experienced in Web application penetration testing
Experienced Mobile application penetration testing
Coding skills to test/simulate infiltration
Excellent knowledge of computer security and systems
Understanding of how vulnerabilities and security breaches can disrupt business
Good in troubleshooting and problem-solving skills
5+ or more years conducting penetration testing using freeware and commercial tools like BurpSuite, security reviews, threat modeling, tracking findings.
Hands on exp in the area of DAST, SAST, Code review, DevSecOps etc.
Conversant in at least one programming language such as Python or Java
Familiar with typical web application vulnerabilities, especially OWASP top 10, understand the risk and principle of the vulnerabilities.
Hands on skills to identify common vulnerabilities in real application, not just demo or lab.
Understand how HTTP works.
Basic ability to research, study and know how to solve simple technical issues
Good to have skills
Ability to identify and exploit web vulnerabilities (XSS, CSRF, SQLi, SSRF, arbitrary file upload, etc.)
Ability to identify and exploit mobile vulnerabilities (API issues, insecure storage, memory corruption, deep links, etc.)
Create new testing methods to identify anomalies, vulnerabilities
Communication skills to collaborate with different teams, document execution report and share findings