Application Security Test Engineer


We are looking for an Application Security Test Engineer who has in-depth information security and information technology expertise, including industry knowledge and awareness of emerging technologies which impact cybersecurity. It requires a self-starting individual who is comfortable working across and partnering with a range of functions including Information, Development, Quality Assurance, Architecture with an emphasis on regulatory promote best practices throughout the enterprise.

Key Job Responsibilities:

  • In-depth testing of the security of critical applications and performing security gap analysis, threat modeling, and source code review of web programming and applications.
  • Performing penetration tests against applications of advanced complexity, writing reports documenting report findings including all vulnerabilities, potential issues, and strengths found during the test.
  • Advising and guiding software development teams in the remediation and response to discovered vulnerabilities, potential issues, and other weaknesses discovered during testing.
  • Developing and implementing technology to automate security monitoring and testing.
  • Developing, debugging, testing, and supporting certification and compliance processes.
  • Creating, maintaining, documenting, and recommending security baselines.
  • Actively participate in technical workgroups to recommend effective security configurations and architecture.
  • Developing documentation to support ongoing information security operations, maintenance, and specific problem resolution.
  • Providing risk analysis for vulnerabilities, incidents and change requests.

Key Skills:

  • Must be skilled in the use of security tools such as Burp Suite, sqlmap, commix, tplmap, dalfox, nmap, nuclei, ffuf, etc.
  • Knowledge of bash and/or powerpoint at a level sufficient to automate routine tasks, and the ability to write and craft payloads.
  • Familiar with OWASP WSTG.
  • Strong understanding of Linux, Windows and Active Directory, networking and web protocols preferred.
  • Experience with static/dynamic code analysis and software composition analysis tools.
  • Experience with spring boot framework, spring security, REST API, microservices development and architecture.
  • Familiarity with cryptography, API security and secret management.
  • A bachelor's degree in Information Security or equivalent, and/or certifications in PenTest+, CEH, OSCP, or other penetration testing certifications will be given preference

This is an exciting opportunity to work with a highly innovative and creative team, in a great working environment using the latest technologies, methodologies, and frameworks. A competitive salary and benefits package is on offer to the right candidate.

Najbolji proces selekcije u 2020. – IT industrija – 3. mesto


Please enter your comment!
Please enter your name here