Requirements

Expected technologies

iOS

Android

Our requirements

• Be subject matter expert in at least 1 of penetration testing domains (i.e. infrastructure/apps/mobile).
• At least 5 years of prior demonstrable hands-on experience in penetration testing.
• Solid understanding of the platform security models for iOS and Android platforms.
• Excellent understanding of platform-specific security risks, common vulnerabilities for mobile applications, common risks in financial applications.
• Practical knowledge of penetration testing of widely understood infrastructure, web and mobile technologies, using manual and automated testing methods.
• Excellent TCP/IP knowledge and understanding of security implications/issues.
• Strong web application testing experience.
• Proven programming/scripting skills.
• Ability to explain security functionality from first principles.
• Ability to adapt and apply information to new scenarios and technologies.
• Strong understanding of applied use of cryptography in application development.

Your responsibilities

• Perform highly technical/analytical security assessments of custom mobile applications, widely understood infrastructure and networks, web services and APIs.
• Work closely with the DevOps teams to ensure that the security testing requirements are met and help automate repetitive tasks.
• Develop understanding of business functionality and apply testing methodology as appropriate to technologies and risks.
• Code and demonstrate basic proof-of-concept exploits of vulnerabilities when required.
• Assist with coordination of security testing projects according to a structured process, including writing test plans, test cases and test reports.
• Assess product release risk and complexity and identify potential misuse scenarios through review of business requirements and design specifications.
• Assist with tracking, remediation, and risk acceptance for identified security vulnerabilities.
• Assist in planning, test execution and vulnerability mitigation.
• Run evaluations of new security testing technologies and provide recommendations.
• Monitor security industry information sources and keep abreast of events, research, and developments.
• Identify opportunities to improve our processes, quality of the work and efficiencies.