Description:
The Application and Product Security Engineer (Penetration Testing) is responsible for conducting security pen testing, monitoring, and auditing within a dynamic global organization. The products under test will have a range of possibilities from embedded devices to cloud services. Some of the products will be white box tests while others will be total black box engagements.
A successful engineer will be able to take the product and evaluate the weak points in the design and implementation and focus in on those weaknesses to find security gaps under the guidance of senior engineers and testing leads. The engineer should clearly document the findings, analysis and prepare a detailed report.
💼What Would Be the Perfect Qualifications?
- Conduct security evaluation and threat assessments of embedded systems, mobile applications, web applications.
- Conduct research for the purposes of finding new vulnerabilities and enhancing existing capabilities.
- Circumventing security protection methods and techniques.
- Performing data bus monitoring (snooping) and data injection.
- Conduct communications protocol analysis in the embedded products, and applications.
- Conduct wireless communications channel snooping, and data injection.
- Learn to reverse engineering complex systems and protocols.
- Create detailed technical reports and proof of concept code to document findings.
- Perform System Breakdown of the project/product before testing, identify and evaluate all the testing requirements and plan out the detailed testing activities, resources etc. with the help of Senior/Lead test engineers.
- Provide proactive detailed interaction with respective engineering group on the testing needs, testing progress/status and provide detailed analysis report.
📝What kind of work will you be doing?
- Bachelor's Degree in Information Technology, Computer Science or related field is highly desirable.
- Advanced security qualifications such as OSCP (Offensive Security Certified Professional) certification, CEH (Certified Ethical Hacker) or equivalent.
- Five or more years (5+ years) of experience in information, application, or embedded product security and/or IT risk management.
- Two or more years (2+ years) of pentesting experience with a strong interest / personal experience in pentesting (CTF, HacktheBox, etc.).
- Solid understanding of security protocols, cryptography, authentication, authorization, and security.
- Good working knowledge of current IT risks and experience implementing security solutions.
- Ability to interact with a broad cross-section of personnel to articulate and enforce security measures.
- Excellent written and verbal communication skills as well as business acumen.
- Strong ability to establish partnerships and influence change and achieve results within dynamic environment.
- Meaningful technical contributions into the development lifecycle of an application, product, or service.