Perform Web Application security assessment.
Perform Mobile application security assessment.
Conduct application penetration exercises using automated tools, customized exploits and manual analysis.
Conduct network penetration testing, system vulnerability assessment and security configuration review.
Provide analysis and validation post-remediation.
Qualifications
Academic Qualification: Engineering/IT Graduate; MCA; MS IT; MSc IT; Graduate degree in Information Security.
Professional Certification: One or more of the following certifications is desirable: CEH; OSCP; OSCE; CSSLP; CISSP; CISA; CISM; SANS
Experience & Key Skills/ Competency
• Practical experience in manual & automated grey box application security assessment
• Practical experience in mobile application (Android/iOS) security assessment
• Exposure to API security testing
• Experience in using application security assessment tools/platforms such as Burp Suite, Paros, Samurai WTF, Kali Linux, Charles, Metasploit.
• Understanding of the OWASP Top 10 application security risks.
• Knowledge of networking concepts like TCP/IP, UDP, HTTP, TLS, SSH, DNS, firewalls, etc.
• Experience in drafting web application security assessment reports.
• Excellent problem solving and analytical skills; outstanding oral and written communication skills.
• Practical experience with Static and Dynamic Application Security Testing (SAST/DAST) solutions, e.g. Fortify, Veracode, Checkmarx, is desirable.
• A software programming background with languages and tools such as Java/JavaScript; JSP; Python; PHP; ASP.NET; HTML/CSS is desirable.
• Experience in conducting network penetration testing and system vulnerability assessment using VA tools (e.g. Nessus, Nexpose, etc.) and a VA checklist is desirable.