Description
Proteus Europe is currently looking for a Senior Security Tester/Penetration Tester for one of our prestigious global clients.
A job position is available to join the penetration testing team which offers an independent evaluation of the security measures in products by attacking existing systems.
In a role of a network security tester the new team member will focus on testing and evaluating the security of web services. That will include creating and executing a pentesting plan, reporting the found vulnerabilities and recommending how to fix them.
The team is also responsible for maintaining a knowledge base of existing hacks and potential vulnerabilities in specific targets. Finally, auxiliary tools will be developed as part of the execution and automation of the attack vectors.
In general, the following activities are expected to be executed by the new team member:
- Hands on penetration testing
- Development of helper security verification tools
- Performing security design reviews of Web applications, network/cloud deployments
- Security code reviews of Web applications and/or Web API
- Documentation of knowledge and findings in the form of guidelines, checklists and examples to be used by development teams
The candidate needs to have the following profile/experience:
- Deep knowledge of web technologies and vulnerabilities: HTML5, PHP, JavaScript, CSS, XML, JSON, jQuery, TomCat, etc
- Good knowledge of network protocols and network protection techniques (Firewalls, filtering, other) and methods to attack them
- Deep knowledge of Web service technologies such as: SOAP, REST, etc. As well as deep knowledge of WebService security schemes: OAUTH, SAML, etc.
- Good working knowledge of at least one of these Scripting languages: Python, Ruby, Perl.
- Working knowledge of basic cryptographic principles: Symmetric/Asymmetric encryption, PKI, etc.
- Experience with security code review
- Knowledge of multiple RDBMS systems: MySQL, POSTGRESQL, Oracle, etc.
- Excellent analytical skills and ability to think out of the box
- Experience with both Linux and Windows OS
- Strong command of English
- Good communication and writing skills
Experience in the following topics is desirable:
- Experience with AWS EC2 and S3 services
- Mobile application security
I look forward to chatting with you and discussing this role in more depth.