We are looking for an Application Security Test Engineer who has in-depth information security and information technology expertise, including industry knowledge and awareness of emerging technologies that impact cybersecurity. The role requires a self-starting individual who is comfortable working across and partnering with a range of functions, including Information, Development, Quality Assurance, and Architecture, with an emphasis on regulatory compliance, to promote best practices throughout the enterprise.
Key Job Responsibilities:
- In-depth testing of the security of critical applications and performing security gap analysis, threat modeling, and source code review of web programming and applications.
- Performing penetration tests against applications of advanced complexity and writing reports documenting findings, including all vulnerabilities, potential issues, and strengths found during the test.
- Advising and guiding software development teams in the remediation and response to discovered vulnerabilities, potential issues, and other weaknesses discovered during testing.
- Developing and implementing technology to automate security monitoring and testing.
- Developing, debugging, testing, and supporting certification and compliance processes.
- Creating, maintaining, documenting, and recommending security baselines.
- Actively participating in technical workgroups to recommend effective security configurations and architecture.
- Developing documentation to support ongoing information security operations, maintenance, and specific problem resolution.
- Providing risk analysis for vulnerabilities, incidents and change requests.
- Must be skilled in the use of security tools such as Burp Suite, sqlmap, commix, tplmap, dalfox, nmap, nuclei, ffuf, etc.
- Knowledge of bash and/or powerpoint at a level sufficient to automate routine tasks, and the ability to write and craft payloads.
- Familiar with OWASP WSTG.
- Strong understanding of Linux, Windows and Active Directory, networking and web protocols preferred.
- Experience with static/dynamic code analysis and software composition analysis tools.
- Experience with the Spring Boot framework, Spring Security, REST APIs, and microservices development and architecture.
- Familiarity with cryptography, API security and secret management.
- A bachelor's degree in Information Security or equivalent, and/or certifications in PenTest+, CEH, OSCP, or other penetration testing certifications will be given preference.
This is an exciting opportunity to work with a highly innovative and creative team, in a great working environment using the latest technologies, methodologies, and frameworks. A competitive salary and benefits package is on offer to the right candidate.