Who we are looking :

A successful Application Penetration Tester working at SEW should possess a deep understanding of both information security and computer science. They should understand basic concepts such as networking, applications, operating system functionality, application manipulation, vulnerability discovery, and analysis, as well as exploit development.

This job requires strong critical thinking skills and an analytical mindset; this career is technical and challenging with opportunities to work in some of the most exciting areas of security consulting on extremely technical and challenging work. A typical job could involve penetration testing of both software and network to breach the security of a target system or reverse-engineering an application and encryption method to gain access to sensitive data. If you have experience performing penetration tests against web applications, mobile applications and can present your findings while demonstrating strong analytical skills, then youre the type of Penetration Tester were looking for.

Requirements:

- Perform penetration tests of websites, services, infrastructure, networks, IoT Devices, and mobile applications to discover and exploit vulnerabilities

- Recognize and safely utilize attacker tools, tactics, and procedures used to perform analysis and identify vulnerabilities

- Experience with penetration testing tools such as Metasploit, Burp Suite, Nmap, etc.

- Detect, identify, and exploit vulnerabilities across various operating systems, applications, and hardware

- Develop comprehensive and accurate reports and presentations for both technical and executive audiences

- Effectively communicate findings and strategy to stakeholders

Qualifications :

- 5-8 years experience in: Web Application Assessments, Mobile Application Assessments

- Experience with penetration testing tools such as Metasploit, Burp Suite, Nmap, Kali Linux etc.

- Possess understanding of various penetration testing and hacking methodologies such as OWASP, PTES, NIST SP800-115

- Source Code Review & Reverse Engineering

- Relevant application penetration testing certifications such as Offensive Security Web Expert (OSWE) certification, GIAC Web Application Penetration Tester (GWAPT), or equivalent mobile/web certification preferred

- Demonstrated experience in one or more computer programming and scripting languages such as Python, Bash, PHP, Java, C#, .NET, Swift, Kotlin, JavaScript, Perl, Ruby

- Reverse engineering malware, data obfuscators, or ciphers

- Experience with methodologies pertaining to both static and dynamic analysis for different application types and platforms

- Strong knowledge of tools used for application testing and testing of different platforms, including those used in both static and dynamic analysis

- Thorough understanding of network protocols, data on the wire, application design and architecture, and different classes of application security flaws

- Computer science degree preferred.