Want to join the TwelveSec team? We're a Cyber security firm, specializing in assurance and security management consulting services and we are looking for a Web Application Penetration Tester interested in joining us. We are offering top-market salary, a friendly work environment, flexible hours and the ability to work from home as well as a chance to be part of something new and exciting!
In order to join us, you must be an EU citizen or be able to work within the EU.
Tasks/Duties
- Web application penetration testing assessments on the product of a major client.
- Conduct assessments of web applications, databases, client-side applications and tools, and APIs.
- Execute manual and automated code analysis as well as dynamic code analysis to assess the quality and security of source code.
- Perform pre-assessment research and preparation including reconnaissance, documentation on collaboration with the customer.
- Develop custom tools and exploits.
- Analyze security findings, including risk analysis and root cause analysis.
- Generate comprehensive reports, including detailed findings, exploitation procedures, and mitigations.
- Develop and deliver walkthrough(s), proof(s) of concept (PoCs), articles, and formal presentations.
- Perform validation testing for customer mitigations and security bug fixes.
Requirements
Must-have:
- Experience in performing penetration testing on enterprise web applications and microservices
- Knowledge of OWASP Top 10
- Java Spring, Java EE, HTTP Web Services (SOAP/REST)
- Familiarity with common web vulnerabilities including: XSS, XXE, SQL Injection, Deserialization Attacks, File Inclusion/Path Traversal Attacks, Server-side Request Forgery, Remote Execution Flaws, Server Configuration Flaws and Authentication Flaws.
- Knowledge of OWASP ASVS.
- Experience in testing web-based APIs (i.e. REST, SOAP, XML, JSON).
- Proven Experience using Burp Suite Pro or equivalent application (e.g. ZAP).
- Familiarity with front-end web application frameworks (i.e. AngularJS, Bootstrap, etc).
- Experience with one or more scripting languages such as bash, python, etc.
- Solid understanding of OWASP testing methodology.
Nice-to-have (not obligatory):
- Deep knowledge of web application frameworks
- Deep knowledge of Spring Boot
- Deep knowledge of any web application development language
- Deep knowledge of any web application technology
- Capable of working effectively and efficiently with minimal supervision.
Certifications (not obligatory): The following professional certifications will put your CV at the top of our to-call list (in order of importance):
- OSWE
- OSWA
- eWPT
- CISSP
- CISSP-ISSAP
Benefits
Here are some of the benefits of joining the TwelveSec team:
- Competitive salary package and bonus schemes.
- Health and Life insurance
- Work in a friendly environment, with good team chemistry.
- Work from home and have flexible hours.
- Get involved in the growth of a new company with more promotion opportunities.
- Gain experience with new types of projects.
- Improve your CV by getting security certifications with our support.
- Check us out at Glassdoor