Description
A Senior Penetration Test Engineer (Web Services/Network) is needed for a global leading electronics, entertainment and multi-media organisation, based in Belgium on a 12 month rolling contract.Job Responsibilities
In the role of a Senior Penetration Tester, you will focus on testing and evaluating the security of web services. That will include creating and executing a security testing plan, reporting the found vulnerabilities and recommending how to fix them.
In general, the following activities are expected to be executed by the Senior Penetration Test Engineer:
- Hands on security testing/reverse engineering (a.k.a. penetration testing)
- Development of helper security verification tools
- Performing security design reviews of Web applications and network/cloud deployments
- Security code reviews of Web applications and/or Web API
- Documentation of knowledge and findings in the form of guidelines, checklists and examples to be used by development teams
Job Requirement
The suitable candidate needs to have the following profile/experience:
• Deep knowledge of web technologies and vulnerabilities: HTML5, PHP, JavaScript, CSS, XML, JSON, jQuery, TomCat, etc.
• Extensive experience with penetration testing Web Services.
• Experience with network and web scanning tools like Qualis, Nessus, Acunetix, or Appscan.
• Practical knowledge of OWASP
• Good knowledge of network protocols and network protection techniques (firewalls, filtering, other) and methods to attack them
• Experience with Python, Java, and/or SQL
• Experience with shell scripting
• Experience with both Linux and Windows OS
• Experience with doing security reviews of architectures, designs and code with the purpose of finding security flaws and/or risk full coding approaches
• Strong command of English
• Excellent analytical skills and ability to think out of the box
• Excellent communication and writing skills
Experience in the following topics is desirable:
• Experience with AWS EC2 and S3 services
• Experience with OpenStack
• Experience with reverse engineering tools and techniques
• Cryptography (RSA, SHA-1, AES, …)