Sony
4-6 years
Bangalore / Bengaluru
Web App Pentester (OSCP) - OSCP Certification
posted 8hr ago
Fixed timing
Key skills for the job
In general, the following activities are expected to be executed by the new team member:

- Hands-on penetration testing
- Development of helper security verification tools
- Performing security design reviews of web applications and network/cloud deployments
- Security code reviews of web applications and/or web APIs
- Writing clear vulnerability reports and providing guidance to the development teams on fixing the security issues
- Documentation of knowledge and findings in the form of guidelines, checklists and examples to be used by development teams
- Owning the project from beginning to end

Job Start and Duration

Job start is ASAP. We are interested in both permanent and temporary contracts. For the temporary type of contract, we are interested in keeping the hired security researcher longer if we are happy with the performance.

Profile

The candidate needs to have the following qualifications:

- Strong hands-on penetration skills
- Deep knowledge of web technologies (HTML5, Java, JavaScript, Tomcat, etc.)
- Deep knowledge of application security mechanisms such as authentication and authorization techniques, data validation, output sanitization/encoding and proper use of encryption
- Excellent understanding of web applications, web browsers, web servers and frameworks
- Experience with common penetration testing tools, including Burp Suite, Nessus, sqlmap, Nmap, Wireshark
- Good knowledge of network protocols and network protection techniques (firewalls, filtering, other) and methods for bypassing them
- Deep knowledge of web service technologies such as WebSockets, SOAP, REST, JSON, XML, etc., as well as deep knowledge of web service security schemes: OAuth, SAML, etc.
- Good working knowledge of at least one of these scripting languages or frameworks: Python, Ruby, NodeJS, PHP
- Working knowledge of basic cryptographic principles: symmetric/asymmetric encryption, PKI, etc.
- Experience with fuzzing and security code review
- Knowledge of multiple RDBMS systems: MySQL, PostgreSQL, Oracle, etc.
- Excellent analytical skills and ability to think outside the box
- Experience with both Linux and Windows OS
- Strong command of English
- Good communication and writing skills

Experience in the following topics is desirable:

- Experience with AWS (including serverless architectures), GCP, MS Azure
- Mobile application security
Employment Type: Full Time, Permanent