We have an urgent opening in One of Big4
1. Candidate should have Core penetration testing experience and should have min 3-4 years of relevant experience in it.
2. Candidate should be expertise in any of the two areas in : Web Application, Network, Mobile application, Source Code Review, Thick Client application.
3. Candidate should aware of OWASP top 10 vulnerabilities, manual exploitation and practical knowledge on them.
4. Network PT: Ask for Common network ports - 21(ftp), 22(ssh), 23(telnet), 80(http), 139(netbios), 445(smb), 3389(RDP), 1433(MSsql), 3306(mysql), 5432(PostgreSQL)
5. Source code review requirements :
a. Check for tool Knowledge: HP Fortify, Checkmarx, IBM Appscan Source edition, Coverity. (Ability to completely scan a source code)
b. Check for Knowledge on different languages (Java, .NET, PHP, Object C, C++ etc.,) and specific frameworks (Struts, Springs, Hybernate for Java and C#, VB, ASP for .NET).
c. Candidate should have false positive analysis (manual code review)
d. Ability to triage findings such as XSS, SQLi, and other injection issues.
e. Distinguish between unsafe, potentially safe and safe sources.
Salary: Not Disclosed by Recruiter
Industry: Strategy / Management Consulting Firms
Employment Type: Permanent Job, Full Time