Application security pen tester
Posted: July 24, 2024, 4:55 p.m. - Full Time - Mumbai
Zero Dark 24 is a leading provider of innovative cyber security services, dedicated to protecting organizations from digital threats. We are seeking a highly skilled Application Tester and Penetration Tester to join our dynamic team and help ensure the security and integrity of our clients' applications and systems.
Job Description:
Position Overview: The Application Tester and Penetration Tester will be responsible for assessing the security of applications and systems through rigorous testing and evaluation. This role involves identifying vulnerabilities, documenting findings, and working closely with development and IT teams to implement effective security measures.
Key Responsibilities:
• Conduct comprehensive application security testing, including static and dynamic analysis.
• Perform penetration testing on web applications, mobile applications, and network infrastructure.
• Identify and document vulnerabilities and security risks in applications and systems.
• Develop and execute detailed test plans, test cases, and test scripts.
• Collaborate with development teams to provide guidance on security best practices and remediation strategies.
• Stay up-to-date with the latest security threats, vulnerabilities, and mitigation techniques.
• Prepare detailed reports of findings, including risk assessments and recommendations for security improvements.
• Assist in developing and implementing security policies, procedures, and standards.
• Participate in security reviews and audits to ensure compliance with industry standards and regulations.
• Conduct security training and awareness sessions for internal teams and clients.
Qualifications:
• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field.
• Minimum of 3 years of experience in application security testing and penetration testing.
• Strong understanding of common application security vulnerabilities (e.g., OWASP Top Ten) and attack vectors.
• Proficiency in using security testing tools such as Burp Suite, OWASP ZAP, Metasploit, Nessus, and others.
• Experience with programming and scripting languages (e.g., Python, JavaScript, Ruby) for automation and testing purposes.
• Knowledge of secure coding practices and code review techniques.
• Familiarity with industry standards and regulations (e.g., ISO 27001, PCI-DSS, GDPR).
• Excellent problem-solving skills and attention to detail.
• Strong communication skills, both written and verbal, with the ability to explain complex security issues to non-technical stakeholders.
• Relevant certifications such as CEH, OSCP, CISSP, or similar are highly desirable.
Preferred Skills:
• Experience with cloud security and testing in cloud environments (e.g., AWS, Azure, Google Cloud).
• Knowledge of DevSecOps practices and integration of security testing into CI/CD pipelines.
• Experience with mobile application security testing on iOS and Android platforms.
• Understanding of network security principles and best practices.