Location: India (work from anywhere)
Job Description & Requirements
4 to 5 years of experience in vulnerability assessment and penetration testing (VAPT) of applications
Strong knowledge of the OWASP, SANS Top 25, and WASC security standards, and detailed knowledge of common web application attack vectors such as SQL injection, CSRF, XSS, session management issues, direct object reference, clickjacking, buffer overflows, etc.
Experience in performing application security testing using manual techniques and automated tools along with runtime vulnerability testing tools.
Experience in static and dynamic secure code review.
Experience in manual application penetration testing of thick client applications, mobile applications, web services, APIs, etc.
Thorough understanding of common web technologies like .NET, PHP, Java, XML, SAML, SOA, SOAP, web services, etc., and protocols including HTTP(S), DNS, FTP, SSH, etc.
Should have performed manual mobile application penetration testing on platforms like Android, iOS, etc.
Should have knowledge of risk rating standards like DREAD, CVSS, etc.
Experience in VA/PT of networks, servers, devices, etc.
Good understanding of web application architecture and the secure development life cycle (SDLC).
Experience in threat modelling and risk analysis.
Understanding of software development methodologies such as waterfall, Rational Unified Process and Agile software development.
Experience with automated web application vulnerability scanners (e.g., AppScan, WebInspect, Acunetix, Burp Suite Pro, etc.) is desirable.
Preferred certifications: OSCP, CEH