Web Application Penetration Tester

Chalandri, Attica, Greece

Applications have closed

TwelveSec

Want to join the TwelveSec team? We’re a cybersecurity firm specializing in assurance and security management consulting services, and we are looking for a Web Application Penetration Tester to join us. We are offering a top-market salary, a friendly work environment, flexible hours and the ability to work from home, as well as a chance to be part of something new and exciting!

In order to join us, you must be an EU citizen or be able to work within the EU.

Tasks/Duties

  • Web application penetration testing assessments on the product of a major client.
  • Conduct assessments of web applications, databases, client-side applications and tools, and APIs.
  • Execute manual and automated code analysis as well as dynamic code analysis to assess the quality and security of source code.
  • Perform pre-assessment research and preparation, including reconnaissance and documentation, in collaboration with the customer.
  • Develop custom tools and exploits.
  • Analyze security findings, including risk analysis and root cause analysis.
  • Generate comprehensive reports, including detailed findings, exploitation procedures, and mitigations.
  • Develop and deliver walkthrough(s), proof(s) of concept (PoCs), articles, and formal presentations.
  • Perform validation testing for customer mitigations and security bug fixes.

Requirements

Must-have:

  • Experience in performing penetration testing on enterprise web applications and microservices
  • Knowledge of OWASP Top 10
  • Java Spring, Java EE, HTTP Web Services (SOAP/REST)
  • Familiarity with common web vulnerabilities including: XSS, XXE, SQL Injection, Deserialization Attacks, File Inclusion/Path Traversal Attacks, Server-side Request Forgery, Remote Execution Flaws, Server Configuration Flaws and Authentication Flaws.
  • Knowledge of OWASP ASVS.
  • Experience in testing web-based APIs (e.g. REST, SOAP, XML, JSON).
  • Proven experience using Burp Suite Pro or an equivalent application (e.g. ZAP).
  • Familiarity with front-end web application frameworks (e.g. AngularJS, Bootstrap).
  • Experience with one or more scripting languages such as bash, python, etc.
  • Solid understanding of OWASP testing methodology.

Nice-to-have (not obligatory):

  • Deep knowledge of web application frameworks
  • Deep knowledge of Spring Boot
  • Deep knowledge of any web application development language
  • Deep knowledge of any web application technology
  • Capable of working effectively and efficiently with minimal supervision.

Certifications (not obligatory):

The following professional certifications will put your CV at the top of our “to call” list (in order of importance):

  • OSWE
  • OSWA
  • eWPT
  • CISSP
  • CISSP-ISSAP

Benefits

Here are some of the benefits of joining the TwelveSec team:

  • Competitive salary package and bonus schemes.
  • Health and Life insurance
  • Work in a friendly environment, with good team chemistry.
  • Work from home and have flexible hours.
  • Get involved in the growth of a new company with more promotion opportunities.
  • Gain experience with new types of projects.
  • Improve your CV by getting security certifications with our support.
  • Check us out at Glassdoor

Tags: APIs Bash Burp Suite CISSP Code analysis eWPT Exploits Java JSON Microservices OSWE OWASP Pentesting POCs Python Risk analysis Scripting SQL SQL injection SSRF Vulnerabilities XML XSS

Perks/benefits: Career development Competitive pay Flex hours Health care

Region: Europe
Country: Greece