Seeking Penetration Tester / Ethical Hacker

Worldwide  ‐ Remote
This project has been archived and is not accepting more applications.

Description

Applause is looking to expand the team of penetration testers / ethical hackers to engage in vulnerability assessments and manual penetration tests in a private bug bounty model for web, mobile, desktop applications, APIs, network systems and more, covering a full suite of services for the vast Applause customer base world-wide.

If you enjoy tinkering with systems and exploiting vulnerabilities in applications, joining the Applause security team can be your next step in building a global reputation. You will gain significant additional exposure to clients and applications you'd never have seen otherwise, working in a team of seasoned experts and junior, entry-level penetration testers and earning money for the valid vulnerabilities you identify and document.

The main difference from the public bug bounties of other large companies? You can sometimes find issues within just a few minutes, because the apps you'll test are not hardened and there is much less competition than on a public bounty program. You can also see issues reported by other testers in real time, which you won't find elsewhere. SQL injections, remote code executions, serious access control flaws, IDOR, buffer overflows etc. are all within reach in these projects. When's the last time you were allowed to exploit one of those for real?

The successful candidates will primarily be working in the areas of:

  • Application penetration testing
  • Internal & External Network & infrastructure penetration testing
  • Secure application development lifecycle

You will be expected to have some experience in some or all of the above areas and will wish to further your career in this area.

You'll need to have a passion for this area and understand what it means to use ethical hacking skills to help organisations protect their systems and information assets. You could be responsible for trying to break the most advanced defences in the world working with the best in your field across industries and sectors. You'll need an enquiring mind, the tenacity to overcome technical challenges, and an ability to approach problems from different perspectives.

Job description

You will be conducting manual penetration tests on applications of varying complexity, from a simple-looking one-page website that turns out to have issues across the whole OWASP Top 10, to extremely hardened enterprise CRM web applications, mobile applications with proprietary algorithms, space station infrastructure and more.

The work is usually performed remotely as part of a team of other penetration testing experts that you will both compete with and collaborate with. You will have insights into the findings of any of the other testers on the team, so you will have the ability to learn from the very best on every assessment and improve your skills.

You will use a common tool suite for web and mobile testing, including Kali Linux and Burp Suite (or other proxy tools you enjoy using), but you have free rein over the choice of tools unless specific project instructions restrict it.

Skills & Requirements

Key competencies required:

  • Using a variety of security testing tools and exploits to identify vulnerabilities and recommend corrective action to developers.
  • Strong inter-personal and communication skills.
  • Report-writing skills.

An understanding or practical experience in the following shall be considered essential:

  • Application penetration testing
  • Network / infrastructure penetration testing
  • OWASP
  • BURP or equivalent
  • Secure application development principles

Qualifications and Skills

  • Hands-on penetration testing experience
  • Strong technical understanding of current security trends and solutions
  • Experience in at least one, preferably more than one, of the following areas:
      • Web application security
      • Mobile application security
      • API security
  • CREST or OSCP/OSCE certifications, CEH or equivalent are preferable but not a strict requirement.

Bonus experience

  • You have found 0-day vulnerabilities and dealt with them in a responsible manner
  • Major vulnerabilities found in public bug bounty programs (with published results, e.g. blog post write up)

About Applause

Applause empowers global brands to deliver flawless digital experiences for their customers on any device, in every location. Our full-service solutions for testing, customer feedback and research enable businesses to delight customers, increase the top line and innovate faster.

Applause ensures digital experience quality in a way no other approach can - via our community of over 250,000 professional testers and on-demand panelists, located all around the globe, with an unlimited set of digital device configurations.

Thousands of companies of every size - including Google, FOX, Nike, BMW, PayPal and Slack - rely on Applause to dramatically decrease both the time and the costs of delivering great digital experiences for their customers.

In order to apply for this position, please follow the 'apply now' link. It will lead you to our FAQ page where you can find the signup form at the bottom of the page.

For any questions please do not hesitate to contact Nico Grieger at the email address below using the subject "Pen-Tester".

We Have Great Benefits:

  • Working from Home
  • Transparent Earnings
  • Flexible Working hours - you decide when you work
  • Freelancer Activity
  • Bug Bounties

Start date: ASAP
From: Applause
Published at: 14.03.2017
Contact person: Freelancer Map
Project ID: 1305534
Contract type: Freelance
Workplace: 100 % remote