Listing Description
· At least 3 years of experience conducting vulnerability assessments, code reviews and penetration tests against web/mobile application technologies, services, platforms and languages to find flaws and exploits (e.g., SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, Clickjacking, Authentication/Authorization, Privilege Escalation, and Business Logic Bypass, OWASP Top 10, SANS top 25, etc.)
· Ability to demonstrate manual web application testing experience; i.e., candidate must be able to simulate a SQL injection/cross-site scripting attack without the use of tools.
· Experience with web application vulnerability scanning tools (e.g., IBM AppScan, HP WebInspect, Acunetix, NTOSpider, Burp Suite Pro, etc.)
· Knowledge of network and Web related protocols/technologies (e.g., UNIX/LINUX, TCP/IP, HTTP/HTTPS, REST, Cookies)
· Experience with vulnerability assessment tools and penetration testing techniques (e.g., web application proxies, packet capture analysis software, browser extensions, advanced penetration testing Linux distributions (i.e. BackTrack/Kali), static source code analyzers, SoapUI, etc.)
· Experience penetration testing on mobile platforms such as iOS, Android, Windows & RIM
· Solid programming/debugging skills with proficiency in one or more of the following: Java, JavaScript, HTML, XML, PHP, ASP.NET, AJAX, JSON, Objective-C
· Demonstrated ability to learn and apply critical thinking to a variety of situations
· One or more of the following certifications: CISSP, GWAPT, C|EH, OSCP or qualified work experience
· Strong scripting skills (e.g., Python, Perl, Shell script, JavaScript)
· Experience as a developer a plus
· Mobile programming abilities, such as Xcode, Objective-C a plus
· Knowledge of Structured Query Language a plus
Listing Details
- Citizenship: No Requirements
- Incentives: Not Provided
- Education: No Requirements
- Travel: No Travel
- Telework: No Telecommute