Penetration Testing - Hyderabad, IN - Oracle
We are looking for a senior security penetration testing team members who enjoys security work and possesses both deep and wide expertise in the penetration testing space. You will use information security threat intelligence to identify and exploit vulnerabilities within our products. The focus areas for this role are Application Penetration testing for Web, Mobile and Thick client application and also for web services.
Role and Responsibilities:
- Conduct application security assessments (web, mobile, API, thick client etc.) using off-the-shelf or internally developed exploitation tools to execute manual testing for advanced attacks.
- THREAT Modeling, vulnerability assessments and report vulnerability issues to product teams.
- Help product teams understand vulnerabilities and suggest remediation.
- Having knowledge of network vulnerabilities, cryptography is a big plus.
- At least 6+ years of application penetration testing experience with good collaborative skills.
- Hands-on experience in performing penetration testing on thick client applications (dot net and java based) and good knowledge of tools used in testing them.
- Experience with security tools such as Burp Suite Pro, Web Inspect, Qualys etc., as well as other various commercial and open source tools.
- Experience with various application attack vectors, security test processes and strong knowledge of common vulnerabilities (i.e. OWASP Top 10)
- Very good experience and understanding of vulnerabilities like cross-site scripting, SQL injection, and other advanced attacks at the core conceptual level.
- Understanding technologies, infrastructure and architectures
- Should have good knowledge and understanding on the latest attacks and mitigations from the code level.
- o ISC2 certification is preferred
- o CISSP, OSCP or any SANS certifications are big plus