All the payment flows covering various test cases (e.g. all types of cards, net banking and UPI)
Exploit security flaws and vulnerabilities with attack simulations on multiple application platforms like Web, iOS and Android
Ability to flow from black box to grey box to white box tests.
Ability to work effectively with the engineering teams to provide technical risk assessment of technologies in networks, applications, code reviews in the release management cycle.
Ability to perform vulnerability assessments and penetration testing, utilising commercial and open-source tools.
Perform, review and analyse security vulnerability data to identify applicability and false-positives.
Conduct penetration testing in line with Open Web Application Security Project (OWASP)
Write technical reports that include suggested resolution for identified problem areas and perform operational risk assessment.
Required Skills and Abilities:
Required:
Security Pen Testing methodologies including automated scans and manual methods
At least one automated testing suite such as Burp, Nexpose, ZAP.
Network analysis tools
Good documentation and communication skills
Ability to work in a team environment and interact with people
Ability to grasp new technology concepts quickly
Understanding of the following:
Understanding of Web Servers and HTTP
In-depth understanding of OWASP top 10 vulnerabilities
Basic understanding of PHP, JavaScript, Golang, Python
TCP/IP networking including IP classes, subnets, NAT
SSL handshake and certificates
DNS and DHCP, network troubleshooting
Remote access methods
Should be aware of the latest major application zero-day vulnerabilities
Should be able to understand security alerts and take necessary actions accordingly
Plus:
Hands-on experience with Linux flavours (Debian/Ubuntu, CoreOS) and security hardening of the same
Experience with security issues in Cloud Technologies (AWS, GCP, Azure) is a plus
Experience with Docker and containerization technologies
Knowledge and understanding of basic information security principles
Understanding of cryptography primitives
Education and Experience:
3-5 years of application and network security (Red Team) experience
Hall of fames (good to have)
Employment Category:
Employment Type: Full time
Industry: IT - Software
Role Category: Testing
Functional Area: Not Applicable
Role/Responsibilities: Security Engineer (Pen testing)