Penetration Tester

Dla jednego z Naszych klientów poszukujemy Penetration Testerów z poniższymi wymaganiami:

You must have minimum 3 years of experience in an information security function with good background in information technology, stakeholder management and people management 

Primary/General Job Purpose: 

• Proactively embed security requirements, by influencing implementation of security & privacy patterns from the start of the development cycle 
• Implement via Influence - Influence stakeholders such as Product Owners, Solution Architects, Developers, Testers, Engineers & others to include security patterns into features, epics and stories in order to build secure, innovative & superior digital products for customers and employees 
• Assessments – Perform security assessment and perform gap analysis to provide appropriate remediations to the teams for implementing the fixes. 

 Technical Requirement:

• Web Application Security – Owasp top 10 , CVSS etc 
• Security Code Review – manual code review in Git etc 
• API Security Review – Open shift, container review etc. 
• Database Security – Requirements to enhance security on Database 
• Web Server Security – Requirements to enhance security on the web server 
• Configuration Review – has performed different configuration reviews and should have found good misconfigurations in the system. 
• Integration review – How the application connects with different systems, performed security review on those integrations. 
• Transport Layer Security – How communication channels are secured and understanding of the Transport layer security mechanisms and controls. 

Key Skills:

Web Application Security, Security Code review, API security, Underlying infrastructure security, Integration Security, Database Security, Secure Configuration Review. 

Tools and Technologies:

Burp Suite, Postman, Tenable Nessus, Checkmarx SAST, GitHub