Application security assessments for web applications, mobile apps (Android, iOS), APIs, cloud, IoT devices, thick clients, etc.
Security design reviews.
Secure code reviews.
External and internal penetration testing.
Security automation for DevSecOps readiness.
Documentation of Security Findings & Reporting.
Perform hands-on application penetration testing as well as static and dynamic analysis, auditing results, and plans for vulnerability remediation.
Support developers with remediation through closure and follow-ups to secure the solutions.
Communicate and track remediation plans with all stakeholders and where applicable recommend mitigating/compensating controls.
Skills:
Excellent verbal/written communication
Web application pentesting with exploitation experience across various frameworks like Node.js, Angular, React, along with LAMP and MEAN stack-based apps.
Proficiency in a programming language (e.g. Python, Bash shell, PowerShell); exposure to DevSecOps, security architecture review and network security assessment would be a bonus.
Hands-on with industry-standard proxy and DAST tools (Burp Suite, OWASP ZAP), sqlmap, Echo Mirage, Nessus, Nmap, Metasploit and the Kali Linux suite of tools.
Mobile application pentesting: perform static, dynamic and memory analysis of Android and iOS apps.
Stay up to date with the latest CVEs, developments and news in the cyber security world.
Ability to multi-task, prioritize, and manage time effectively