Security Consultant (SOFTWARE SECURITY)

(Staff)
Jl. Cimuncang No.29-31, Padasuka, Kec. Cibeunying Kidul, Kota Bandung, Jawa Barat 40125
Bandung - Jawa Barat - Indonesia

JOB DESCRIPTION

  • Conduct security assessments such as penetration and vulnerability tests.
  • Perform black-box/gray-box testing of web, mobile, or thick-client applications.
  • Perform network vulnerability assessments and penetration testing.
  • Evaluate the risk of observed vulnerabilities using common risk scoring techniques such as CVSS.
  • Perform configuration reviews to check compliance with security hardening baselines.
  • Keep up to date on the IT security industry, including new or revised security solutions, security standards, trends and best practices, offensive techniques, and tools.
  • Share knowledge with the team on techniques and results.
  • Create a detailed report of findings and recommendations after testing is complete and present it to stakeholders.
  • Coordinate with developers and stakeholders on the findings for appropriate fixes.
  • Prepare project plans, ensure they are followed, and track projects until closure.
  • Stay up to date on current tools, techniques, and vulnerabilities to incorporate into testing practices.
  • Coordinate with clients to give them the best security solution.
  • Analyze the client’s assets and identify which security measures are needed.
  • Establish security protocols and policies, and design security plans to protect the client’s assets.
  • Meet with clients.
  • Coordinate a team of security specialists for both the Singapore and Indonesia teams.

REQUIREMENT

  • Degree in Computer Science / IT Security or other related disciplines.
  • Should have overall exposure to and understanding of application and network security testing (VAPT).
  • Strong knowledge of the OWASP Top 10, OWASP Mobile Top 10, and SANS Top 25.
  • Detailed knowledge of common web application attack vectors such as SQL injection, CSRF, XSS, session management issues, Insecure Direct Object Reference, clickjacking, buffer overflows, etc.
  • Experience in manual application penetration testing of web-based applications, thick-client applications, mobile applications, web services, APIs, etc.
  • Experience in manual mobile application penetration testing on platforms like Android, iOS, etc., for both client-side and server-side applications.
  • Should have knowledge of risk rating standards like DREAD, CVSS, etc.
  • Experience with automated web application vulnerability scanners (e.g. WebInspect, Burp Suite Pro, etc.).
  • Knowledge of configuration review based on standard CIS security hardening baselines or custom baselines.
  • Should have performed black-box / gray-box application penetration testing.
  • Experience in performing network VA using popular tools such as Nessus or Nexpose.
  • Experience in performing network penetration testing for both internal and external networks.
  • Good understanding of application protocols such as HTTP, SAML, OAuth, OpenID Connect, etc.
  • Good understanding of operating systems and common applications or services, such as web services and Active Directory.
  • Good understanding of network technologies and protocols such as NIPS, IDS, TLS/SSL, DLP, firewalls, WAF, DNS and other common technologies and protocols.
  • Knowledge of the end-to-end flow of executing application and network penetration testing.
  • Should be able to work as an individual contributor or as a team player wherever required.
  • Certifications that would be an added advantage: OSCP, GIAC certifications (GWAPT, GPEN), CREST CRT, OSWE, CEH.

VACANCY DETAILS
  • Age -
  • Min. Qualification S1/D4
  • Min Experience Staff

WORK LOCATION

Address

Bandung

COMPANY OVERVIEW

-

https://www.xtremax.com/

100-250

Casual(T-shirt)

Indonesian

Computer/IT

02220534297

Monday - Friday

-

Company Location: Jl. Cimuncang No.29-31, Padasuka, Kec. Cibeunying Kidul, Kota Bandung, Jawa Barat 40125