Qureos


Senior Application Security Engineer

We are looking for an Application Security Engineer to join us for a three-month project.


Responsibilities


  • Conduct in-depth manual penetration tests, identifying vulnerabilities in Web/Mobile Applications, Thick Clients, On-Prem and Cloud Infrastructures
  • Conduct application security assessments, identify vulnerabilities, properly document findings, and provide improvement recommendations.
  • Conduct threat modelling, code review and application security design review for newly published and already developed applications.
  • Reporting on findings and vulnerabilities including presenting results to non-technical managers
  • Develop customized tools and automation scripts to improve identification of vulnerabilities at scale
  • Detailed analysis of issues identified and exposure for the management including proof of concept, reproduction steps, and recommended remediation.
  • Assisting in the continual development of the team and service through research and development activities. This includes the development of in-house tools, the implementation of tools released to the community, and the design and documentation of new and existing internal systems and processes.
  • Undertaking projects and support tasks as appropriate to the role.


Minimum Qualifications


  • Bachelor’s degree in Information Technology, Computer Science, or a related field.
  • 3-5 years of professional experience in project management.
  • Knowledge of cybersecurity organization practices, operations, risk management processes, principles, architectural requirements, engineering and threats and vulnerabilities, including incident response methodologies


Core computing skills:

  • Networking fundamentals – understanding of OSI Model, TCP/IP, HTTP, DNS, SMB, SMTP and relevant tools.
  • Microsoft Windows and Office proficiency along with proficiency in one or more Linux distributions.
  • Strong knowledge of web application technologies and security assessment including but not limited to: REST APIs, SOAP APIs, XML and JSON formats.
  • Vulnerability identification and exploitation (not limited to OWASP Top 10).
  • Experience with common assessment tools such as MITM proxies (e.g. Burp Suite Pro) and SQLMap.
  • Good knowledge of internal and external infrastructure technologies and security assessment including but not limited to:
      • Identification and exploitation of misconfigurations or known vulnerabilities in common enterprise infrastructure and services (Windows Domains, Linux servers, virtualization, databases, switches/routers, etc.).
  • Knowledge of a scripting language such as Python (preferred), Ruby, PowerShell, or Bash, for the development of new, or editing existing, tools.
  • Evidence of rapidly and confidently gaining knowledge of, and applying knowledge of, emerging technologies, vulnerabilities, and penetration testing tools and techniques.
  • Excellent time management including setting priorities and goals to complete assigned and arising tasks.
  • Excellent report writing and presentation skills


Preferred Qualifications

  • Proficiency in security concepts for both Windows and Unix-like Operating Systems
  • Experience in source code review and/or building software with multiple programming languages (e.g. Python, Java, Rust)
  • Experience in reverse engineering standalone, thick client and mobile applications
  • Certifications like CREST (CRT, CCT), OSCP, GWAPT, OSCE, GXPN.
