
Web PT
2 weeks ago
Job Specification
Job Title: WebPT P1 - Consultant (only immediate joiners can apply)
Experience: 4-8 Years
Location: Bangalore/Pune
Employment Type: 6 months Contract (Extendable)
Budget: 26 LPA
Work timings: 11 AM to 8 PM IST
Job Overview
Roles & responsibilities
o Perform automated testing of running applications and static code (SAST, DAST).
o Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications.
o Experience in one or more of the following is a plus: mobile application testing, web application pen testing, application architecture, and business logic analysis.
o Work with application tools to perform security tests: AppScan, Netsparker, Acunetix, Checkmarx, Veracode, Burp Suite, OWASP ZAP, and Kali Linux.
o Able to explain IDOR, second-order SQL injection, and CSRF: the vulnerability, root cause, and remediation.
Mandatory technical & functional skills
o Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, Netsparker, Acunetix, Checkmarx, Veracode, Burp Suite, OWASP ZAP, Kali Linux, or equivalent.
o Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs.
o Minimum three (3) years of working with technical and non-technical audiences in reporting results and leading remediation conversations.
o Preferred: one year of experience in the development of web applications and/or APIs.
o Should be able to identify and work with new tools/technologies to plug and play on client projects as needed to solve the problem at hand.
o One or more major ethical hacking certifications are not required but preferred: GWAPT, CREST, OSCP, OSWE, OSWA.
Relevant certifications, such as GWAPT, OSCP, OSEP, CRTP, CRTO, OSWA, are strongly preferred.