You will perform application security assessments to evaluate the vulnerability of technologies and applications to malicious hacking activity.
Responsibilities
Perform analysis of internal and external threats against information systems and predict future threat behavior.
Incorporate threat actor tactics, techniques, and procedures into offensive security testing.
Assess the security, effectiveness, and practicality of multiple technology systems.
Prepare and present detailed technical information, including reports and notifications.
Mentor junior assessors in technical tradecraft and soft skills.
Required Skills
Minimum of 4 years of professional experience in pentesting, application security, or ethical hacking.
Detailed technical knowledge in at least 3 of: security engineering, application architecture, authentication and security protocols, application session management, applied cryptography, common communication protocols, mobile frameworks, single sign-on technologies, exploit automation platforms, or RESTful web services.
Expertise in performing SQL injection and XSS attacks without using automated tools.
Experience performing manual code reviews for security-relevant issues.
Ability to manually identify and reproduce findings, develop PoCs, and discuss remediation concepts.
Proficiency executing common penetration testing tools and triaging incidents.
Experience performing manual web application assessments.
Knowledge of network and web protocols, including UNIX/Linux and TCP/IP.
Solid programming and debugging skills.
Preferred Skills
CISSP, CEH, OSCP, OSWE, GPEN, PenTest+ or similar certifications.