We are looking for someone with strong understanding of security principles, policies, and industry best practices and solid technical skills in both information security architecture and penetration testing. You should have the ability to assess testing tools, deploy the right ones, explain findings to non-technical professionals and simulate sophisticated cyber-attacks to identify vulnerabilities. You should also be efficient in writing technical reports and presentation skills
You should have hands on experience on the below mentioned areas:
- Web application penetration testing.
- API penetration testing.
- Mobile Application penetration testing on iOS and Android platforms.
- Security assessments on a wide variety of software technologies and implementations.
- Commercial and open source security solutions such as Acunetix, Burp Suite, Metasploit, Nessus, Kali Linux, etc.
You should be familiar with the following areas:
- Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), and National Institute of Standards and Technology (NIST) Special Publications
- XML, SOAP, JSON, and AJAX
- popular webservers like IIS, Tomcat, JBoss, etc
Knowledge of Databases and SQL and experience in scripting and programming will be an added advantage for this role.