Web Engineer/Pen tester

26 Mar 2024

Vacancy expired!

Our client, a multinational mass media corporation, is seeking a Web Engineer/Pen tester.

Location: New York, NY

Position Type: IT Full Time

Job Summary:

Currently seeking a Senior Engineer - Web Application Penetration Tester to join our Cybersecurity team, based in the US. The ideal candidate will possess a deep understanding of attack surfaces in modern compiled applications and operating systems.

Candidates must demonstrate the ability to analyze closed-source applications using several off-the-shelf or custom-developed tools. Additionally, the ideal candidate will be able to demonstrate exceptional organizational skills, work efficiently under minimal supervision, deliver results that meet or exceed the organization's expectations, be a strong team player, and actively participate in a fast-paced and challenging global environment.

Key Responsibilities:

  • Have a passion for breaking into websites and a keen interest in information security.
  • Have a strong understanding of how web applications hosted in the cloud function, both server-side applications and Single Page Applications.
  • Have a keen eye for business logic attacks.
  • Ability to perform web, mobile and API penetration testing.
  • Intricate know-how of the Burp Suite Pro security tool.
  • Prior corporate experience penetration testing web applications is required, including in PCI environments.
  • Deep understanding of the OWASP Top Ten vulnerabilities.
  • You follow the bug bounty community closely to understand the latest hacking techniques.
  • Familiarity with manual code review techniques.
  • Familiarity with NodeJS, C#, PHP, Python and Java is a strong plus.
  • Familiarity with AWS and Azure cloud.

Requirements:

  • Have at least a Bachelor's degree in computer science, software engineering or equivalent experience.
  • Have at least 5 to 7 years of penetration testing experience (web, mobile, API).
  • Intricate know-how of the Burp Suite Pro security tool and other pen testing tools.
  • Ability to clearly state defensive techniques for discovered vulnerabilities.
  • Ability to communicate clearly how to remediate an issue.
  • Knowledge of how to write formal penetration reports and convey impact to business leaders.
  • Familiarity with NodeJS, C#, PHP and Java is a strong plus.
  • Familiarity with Swift, Objective-C and Kotlin is a strong plus (for mobile testing).
  • Expected to have some level of Python coding skills.
  • Understanding of AWS IAM and AWS services is required. Other cloud platforms are a plus.
  • Familiar with DNS enumeration and supporting tools such as OWASP Amass, Recon-ng, etc.
  • Experience with Gobuster, web fuzzing tools, nmap, password guessing/cracking and other common security tools.
  • Command line skills, including writing bash and PowerShell scripts, and the ability to parse data from the output of tools and logs.
  • Some network penetration testing required.
  • Attend security conferences and CTF events regularly.

Desired Certifications:

  • GWAPT, GPEN, Offensive Security Web Expert (OSWE), OSCP.
  • GIAC Cloud Penetration Testing (GCPN) is a huge plus.
  • Cloud certifications are good to have.

Salary: $145k

  • ID: #49553709
  • State: New York, New York City 10036, USA
  • City: New York City
  • Salary: USD TBD TBD
  • Job type: Permanent
  • Showed: 2023-03-26
  • Deadline: 2023-05-24
  • Category: Et cetera