- Apraksts
- Pamatinformācija
- Uzņēmums
Requirements for candidates
We are looking for experienced penetration testing specialists to join our application security team. The primary focus will be on regular security assessments of Netcracker product suite and customer solutions (self-service portals, CRM, rating and billing systems, cloud deployments). The role offers potential for growth both in technical domain and professionally.
What we are looking for:
- 2+ years of experience as a penetration tester
- Proven abilities to approach a black box and white box testing.
- Deep knowledge of OWASP top-10 vulnerabilities and attacks
- Practical experience in threat modelling
- Hands-on experience with vulnerability scanners (static and/or dynamic) and frameworks, including but not limited to Acunetix, Trustwave, OWASP ZAP, Burp, Nmap, Metasploit Framework and code scanners like IBM App Scan, Fortify, CheckMarx
- Hands-on experience with API penetration testing of Rest/SOAP based interfaces
- Detailed understanding of OAauth 2.0 protocol, OpenID standard and SAML standard
- Perfect knowledge of OWASP methodology and web vulnerabilities – you can easily explain and show how it works
- Desirable skills – Python or any other scripting language. system/network administratio
- Great if you have come across PCI, NIST guidelines including PII, ISO2700x, cloud security, virtualization, SecDevOps, containerized deployment.
Job description
- Discovering all information on system and solution exploitability (of Top 10 vulnerabilities categorized by OWASP, CWE/CVE like XSS, CSRF, CRLF, SQLi, XXE and uncommon HTTP Request Smuggling/Splitting, other) and security weaknesses from a variety of sources (technical documentation, source code, communication with project and development teams)
- Assessing of application and solution security controls against «black box», «grey box» and «white box» attacks using both manual and automated (DAST) penetration techniques
- Source code analysis (client/server/database) for vulnerabilities with scanning tools - SAST
- Adjustment of penetration testing methodology accordingly to the solution and environment architecture and threat model
- Analysis and evaluation of 3rd party vulnerabilities as part of product implementation processes
- Analysis of CIS benchmark and evaluation of results with development teams
- Prioritization of identified vulnerabilities accordingly to CVSS v.3.1
- Assessment of penetration test results with development teams, analysis, preparation and evaluation of mitigation options
- Analysis and evaluation of customer’ and 3rd party penetration test results
- Contribution in enhancing penetration testing process, tools and automation of SAST/DAST tools in CI/CD pipelines
- Contribution in enhancing penetration testing process of cloud products and the improvement SecDevOps processes
What we offer
- Competitive salary
- Medical insurance
- More than 300 hard and soft-skills programs by the corporate career development center
- Open environment and encouraging knowledge sharing culture
- Opportunity to practice foreign languages daily
- Flexible working hours and an opportunity to work remotely
Atrašanās vieta
- Rīga, Latvija
- Attālināta darba iespējas
Gunāra Astras iela 8b, Riga, LV-1082
Darba veids
- Pilna slodze
- Elastīgs darba laiks
Valodas
- Angļu
- Krievu
Zaiga Seflere
Netcracker office in Riga is an integral component in the growth of Netcracker as company and a major investment area. It is located in a vibrant part of Riga that is very convenient to reach by public or private transportation. The office concentrates on European clients and projects. The local expert team spans multiple departments, including Solution architecture and Business analysis, Software engineering, Solution delivery, IT and Customer support.
Netcracker Technology is the leading provider of BSS/OSS solutions to communications service providers, cable operators and digital innovators around the world. Netcracker serves more than hundreds of customers worldwide and has offices and representatives in over 50 countries. Our customers include Telefonica, Deutsche Telekom, Vodafone and A1. Netcracker is an industry leader with widespread recognition from analysts and experts, such as Frost & Sullivan, Analysys Mason, MEF, Layer123, TM Forum, Light Reading, Pipeline and GlobalData.
Netcracker is a wholly owned subsidiary of NEC Corporation. NEC has over 100 years of network expertise and innovation, more than 112 thousand employees, and over 28 billion dollars of annual revenue. NEC has leveraged the deep IT expertise and our aggressive go-to-market strategy by consolidating all NEC telecom software and service assets under Netcracker.
Reģistrācijas numurs: 40103892072