Role: Application Security Tester(Penetration Testing)
Location Ottawa Canada
Duration Long Term
This is a key role within the application delivery team, validating the security of the application throughout the SDLC.
The candidate will work closely with architects, tech leads, IT security team, testing team, and product owners to understand the requirements, design and develop appropriate security abuse cases, execute, and produce reports.
Responsibilities
- Conduct technical scoping of security testing activities required in a project.
- Define abuse cases, and Execute security tests using a broad range of tools to discover and exploit possible vulnerabilities and weaknesses within cloud, on-prem and hybrid environments
- Bring in appropriate tools to the organization and set up relevant testing configurations to enhance practical testing processes.
- Perform controlled and methodological attempts to exploit identified vulnerabilities, simulating real world attacks. Manual Pen testing.
- Perform application security assessments using industry standards OWASP ASVS, NIST, PCI DSS.
- Analyze and understand the impact and severity of exploits. Determine the risk and consequences that could result from these vulnerabilities.
- Document findings and remediation recommendations and collaborate with security consulting team and architects to ensure vulnerability findings are successfully and efficiently addressed.
- Provide guidance on implementing and/or improving secure software development processes
- Stay up to date with latest security vulnerabilities, techniques and industry best practices.
- Typical security testing activities:
- Conduct comprehensive penetration testing and vulnerability assessment on our network, system, and application.
- Conduct Vulnerability Assessment of applications to identify potential security risks. This involves using various industry tools like, Burp, Kali Linux, nmap, ZAP, Metasploit, wireshark, SQLMap, fuzzing tools and other open source tools.
- Software/Web Application penetration testing
- API penetration testing
- Mobile Application Penetration Testing
- Network Penetration Testing
- SAST and DAST
Requirements
- Bachelor's degree in computer science or related field
- Candidate should have 5+ years of experience of application security testing
- Experience with security and architecture testing and development frameworks, such as the Open Web Application Security Project (OWASP), Open-Source Security Testing Methodology Manual (OSSTMM), the Penetration Testing Execution Standard (PTES), Information Systems Security Assessment Framework (ISSAF), and NIST SP800-115
- Familiarity with security testing techniques such as threat modeling, network discovery, port and service identification, vulnerability scanning, network sniffing, penetration testing, configuration reviews, firewall rule reviews, social engineering, wireless penetration testing, fuzzing, and password cracking and can perform these techniques from a variety of adversarial perspectives (white-, grey-, black-box)
- Experience with discovering, utilizing, and possibly writing exploits for such vulnerabilities as buffer and stack overflows
- Familiarity with the logistics of security testing such as acquiring authorization for testing, reporting, risk analysis of findings, data handling, and legal considerations.
- Certified Ethical Hacker (CEH); GIAC Certified Penetration Tester (GPEN); Offensive Security Certified Professional (OSCP); or equivalent development or testing certification (ECSA, CEPT, CPTE, CPTS, etc.) certifications
Thanks & Regards,
Harshaja
Atlantisitgroup
Email: [email protected]
Phone#:647-953-1625