Penetration Tester

Looking for a Penetration Tester with following requirements.

Technical Requirements

1.Web Application Security – Owasp top 10 , CVSS etc

2.Security Code Review – manual code review in Git etc

3.API Security Review – Open shift, container review etc.

4.Database Security – Requirements to enhance security on Database

5.Web Server Security – Requirements to enhance security on the web server

6.Configuration Review – has performed different configuration reviews and should have found good misconfigurations in the system.

7.Integration review – How the application connects with different systems, performed security review on those integrations.

8.Transport Layer Security – How communication channels are secured and understanding of the Transport layer security mechanisms and controls

9.Mobile App testing (Android & iOS)

Soft Skills

•Ability to collaborate with multiple stakeholders and manage their expectations from a security perspective

•Holistic thinking; must balance security and functionality using practical demonstrable examples. Must also contribute to and implement “good architecture principles” to lower technical debt

•Assertive personality; should be able to hold her/his own in a project board or work group setting

•Superlative written and verbal communication skills; should be able to explain technical observations in an easy-to-understand manner

•Ability to work under pressure and meet tough/challenging deadlines

•Influencer- must be able to convince various stakeholders (internal IT Teams, C-Level execs, Risk & Audit) of why a certain observation is a concern or not

Bachelor’s degree in a computer-related field such as computer science, cyber/information security discipline, physics, mathematics or similar

• General Information Security: OSCP, CEH, CISM/CISA or similar

• General Cloud Security: CCSK /CCSP or similar

• Specific Cloud Security: Azure Security or similar

• Network Security: CCNA, CCNP, CCIE, Certified Kubernetes Security Specialist

Knowledge & Skills

• Expert at the Web application Security testing, in depth testing skillset and ability to bypass weak implementation for attacks, ability to bypass WAF for attack scenarios such as XSS, SQL Injection etc.
• Good understanding of Microservice based architecture (Technical)
• Good hands-on experience solutioning technology architectures that involve perimeter protection, core protection and end-point protection/detection & API /Micro services Security
• Experience working in a DevOps environment with knowledge of Continuous Integration, Containers, DAST/SAST tools and building Evil Stories (Technical)
• The Analyst / Engineer should be able to understand how different systems work and what security controls are implemented in such integrations.
• The Analyst / Engineer should be capable in understanding the hardening standards, creating one if not available, and perform the testing against the hardening standards.
• The Analyst / Engineer should be capable of assessing security flaws in underlying infrastructure and the connected components.
• The Analyst / Engineer should be capable of assessing the security flaws in the Transport Layer.