SECURITY TEST ENGINEER/PENETRATION TESTER
Netcracker

Requirements for candidates

We are looking for experienced penetration testing specialists to join our application security team. The primary focus will be on regular security assessments of the Netcracker product suite and customer solutions (self-service portals, CRM, rating and billing systems, cloud deployments). The role offers potential for growth both in the technical domain and professionally.

What we are looking for:

  • 2+ years of experience as a penetration tester
  • Proven ability to perform black box and white box testing
  • Deep knowledge of OWASP Top 10 vulnerabilities and attacks
  • Practical experience in threat modelling
  • Hands-on experience with vulnerability scanners (static and/or dynamic) and frameworks, including but not limited to Acunetix, Trustwave, OWASP ZAP, Burp, Nmap, Metasploit Framework and code scanners like IBM AppScan, Fortify, Checkmarx
  • Hands-on experience with API penetration testing of REST/SOAP based interfaces
  • Detailed understanding of the OAuth 2.0 protocol, the OpenID standard and the SAML standard
  • Perfect knowledge of OWASP methodology and web vulnerabilities – you can easily explain and show how they work
  • Desirable skills – Python or any other scripting language, system/network administration
  • Great if you have come across PCI, NIST guidelines including PII, ISO 2700x, cloud security, virtualization, SecDevOps, containerized deployment

Job description

  • Discovering all information on system and solution exploitability (Top 10 vulnerabilities categorized by OWASP, CWE/CVE such as XSS, CSRF, CRLF, SQLi, XXE, less common ones such as HTTP Request Smuggling/Splitting, and others) and security weaknesses from a variety of sources (technical documentation, source code, communication with project and development teams)
  • Assessing application and solution security controls against «black box», «grey box» and «white box» attacks using both manual and automated (DAST) penetration techniques
  • Source code analysis (client/server/database) for vulnerabilities with scanning tools (SAST)
  • Adjusting the penetration testing methodology according to the solution and environment architecture and threat model
  • Analysis and evaluation of 3rd party vulnerabilities as part of product implementation processes
  • Analysis of CIS benchmarks and evaluation of results with development teams
  • Prioritization of identified vulnerabilities according to CVSS v3.1
  • Assessment of penetration test results with development teams; analysis, preparation and evaluation of mitigation options
  • Analysis and evaluation of customer and 3rd party penetration test results
  • Contributing to the enhancement of the penetration testing process and tools, and to the automation of SAST/DAST tools in CI/CD pipelines
  • Contributing to the enhancement of the penetration testing process for cloud products and to the improvement of SecDevOps processes

What we offer

  • Competitive salary
  • Medical insurance
  • More than 300 hard and soft-skills programs by the corporate career development center
  • Open environment and encouraging knowledge sharing culture
  • Opportunity to practice foreign languages daily
  • Flexible working hours and an opportunity to work remotely
