Pen Tester

Key Responsibilities / Required Skills:

• Experience in manual penetration testing, particularly in web and mobile applications.
• Strong understanding of security frameworks like OWASP Top 10 and NIST Standards.
• Proficiency in using security tools like Burp Suite, ZAP, Metasploit, Checkmarx, and AppScan.
• Hands-on experience with DAST and SAST tools such as IBM AppScan, HP WebInspect, and Acunetix for vulnerability assessments.
• Practical experience with AWS services (EC2, S3, KMS, RDS) and security best practices relevant to cloud environments.
• Familiar with Azure cloud security architecture, VNets, and Azure DevOps pipelines.
• Proficient in Python, Perl, PHP, Java, and Objective C for security testing and code reviews.
• Knowledge of core networking concepts like routing, ACLs, SSL/TLS, TCP protocols, and load balancing strategies.
• Experience in building and assessing API security frameworks and secure coding practices for web apps.
• Deep experience in implementing Secure Software Development Life Cycle (S-SDLC) processes, ensuring security across development, testing, and production phases.
• Active participation in platforms like Hack the Box, Portswigger Academy, or Capture the Flag (CTF) challenges.
• Passion for discovering new vulnerabilities and security exploits.
• Excellent written and verbal communication skills to clearly articulate security risks and remediation strategies.
• Familiar with common technology stacks such as LAMP, LEMP, and MEAN, as well as secure coding practices for these environments.
• Conduct penetration testing on web and mobile applications, identifying critical vulnerabilities and collaborating with development teams to resolve them.
• Implement and maintain Application Security Programs (DAST & SAST), ensuring all applications follow security best practices.
• Lead security scoping calls with stakeholders, outline security risks, and develop remediation plans.
• Perform code reviews to detect vulnerabilities and enforce secure coding standards, especially in Java, Python, and Objective C.
• Utilize tools such as Burp Suite and Checkmarx for security testing, as well as manual testing for identifying issues like XSS, SQLi, CSRF, etc.
• Provide feedback on application architecture regarding network security, SSL/TLS configurations, and cloud security best practices.
• Stay updated on emerging security vulnerabilities, develop API security strategies, and integrate security controls into the CI/CD pipeline.

Certifications:

• Desired certifications include OSCP, OSWA, CEH, or relevant SANS certifications.