
Senior Penetration Tester in Kyiv

#50369870

Vodafone Ukraine is an international company with the leading positions in the field of technology and telecommunications, implementing ambitious projects and products in all business spheres, including Cloud Services, Big Data, IoT, Smart City.

Requirements:

  • 5 years of experience in Information Security
  • Strong expertise in performing security analysis and identifying possible vulnerabilities, creating Vulnerability Assessment reports
  • Skilled in using various tools such as Automatic Scanner, NMAP, Dirbuster, Qualys, Nexpose, Nessus, BurpSuite, Metasploit, etc. for web application penetration tests and infrastructure testing
  • Experience and knowledge in performing scanning, data analysis, taking remediation steps
  • GIAC Certified Penetration Tester (GPEN), GIAC Web Application Penetration Tester (GWAPT), GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) are much appreciated

Responsibilities:

  • Perform security analysis and identify possible vulnerabilities in the key derivation function; create a Vulnerability Assessment report detailing the exposures identified, rating the severity of the system and giving suggestions to mitigate any exposures; test known vulnerabilities
  • Identify OWASP Top 10 issues such as SQLi, CSRF, XSS, Path Manipulation
  • Perform pen tests on different applications
  • Perform grey box, black box testing of the web applications
  • Create written reports, detailing assessment findings and recommendations
  • Find web site security issues (XSS, CSRF, session fixation, SQL injection, information leakage, application logic etc.) across various platforms
  • Perform risk assessments to ensure corporate compliance
  • Controls on session management like Server-side session states, session termination, Session ID randomness, expiration, Unique tokens, concurrent logged in session, session fixation prevention
  • Perform Static assessment of various applications by Static code analyzers
  • Perform Dynamic assessment of applications by code analyzer tools and verify false positives
  • Develop threat modeling framework (STRIDE, DREAD) for critical applications to identify potential threats during the design phase of applications
  • Perform static code reviews with the help of automation tools
  • Perform the penetration testing of mobile (Android and iOS) applications, specifically, APK reverse engineering, traffic analysis and manipulation, dynamic runtime analysis
  • Execute daily vulnerability assessments, threat assessment, mitigation and reporting activities to safeguard information assets and ensure protection has been put in place on the systems
  • Perform, review and analyze security vulnerability data to identify applicability and false positives
  • Work closely with research and development teams for vulnerability remediation
  • Plan and design the Vulnerability Assessment process
  • Work with other employees to improve the level of cybersecurity
  • Analyze and assess risk in the environment
  • Identify issues in the web applications in various categories like Cryptography, Exception Management
  • Work with software development teams, DB/Unix administrators and solution architects as a subject matter expert related to security compliance with PCI DSS and industry standards
  • Analyze parsed data from Qualys for Vulnerability Remediation
  • Work on Vendor based Applications, Middleware and layer products
  • Provide both strategic analysis and near real-time auditing, investigating, reporting, remediation, coordinating and tracking of security-related activities for customer
  • Analyze data and prepare reports that document vulnerabilities from network-based attacks and recommend actions to prevent, repair or mitigate these vulnerabilities
  • Perform remediation activities for Applications, OS, Database, Middleware, Digital Certificate, Layer Products, Java
  • Identify issues on sessions management, Input validations, output encoding, Logging Exceptions, Cookie attributes, Encryption, Privilege escalations
  • Proactively identify system vulnerabilities to reduce or eliminate potential exploitation using Qualys and Passive Vulnerability Scanning
  • Work on Enterprise Release Management and Governance activities
  • Work closely with all competency teams to effectively and efficiently remediate vulnerabilities

We offer:

  • Official employment & social guarantees
  • Flexible work hours and remote working days
  • 31 calendar days of vacation
  • Medical insurance
  • Professional trainings
  • Free mobile communication & discounts for family members
  • Active corporate life

You are welcome to send us your CV with your salary expectations.

