Job Description :
Education and Experience
Bachelor''s degree and at least 5 years of experience in manually testing web applications and enterprise penetration testing
Experience with scripting languages (e.g. perl, python, PHP, ruby) and programming languages (e.g. JAVA, Objective C)
Ability to explain networking concepts (routing, ACL, load balancers, SSL/TLS, TCP) in order to provide application architecture feedback to clients
Background in web application development and/or code auditing strongly preferred
Strong verbal & written communication skills
Passion for discovering and researching new vulnerabilities and exploitation techniques
Vulnerability and threat management experience
Experience with various security tools and products (AppScan, Nessus, Wireshark, Burp Suite, HP Web Inspect)
Good understanding of the components of a secure DLC/SDLC
Vulnerability analysis and application reversing skills
Understanding of cryptography principles
Job Description
Perform application and infrastructure penetration tests, as well as physical security review and social engineering tests for clients
Perform security reviews of application designs, source code and deployments as required; covering all types of applications (web application, web services, thick client applications)
Review and define requirements for information security improvements
Work on improvements for provided security services, including the continuous enhancement of existing testing methodologies, materials and supporting assets
Conduct architecture security reviews, application testing, internal vulnerability assessments and external penetration testing modeled after real world attackers (i.e., exploit and pivot)
Conduct security architecture reviews of the full stack including applications built on cloud and emerging technologies
Conduct manual application security testing and source code auditing for a variety of technologies.