Associate Staff Engineer - Penetration Testing
Remote, Sri Lanka
Applications have closed
Nagarro
A digital product engineering leader, Nagarro drives technology-led business breakthroughs for industry leaders and challengers through agility and innovation.Company Description
We are a Digital Product Engineering company that is scaling in a big way! We build products, services, and experiences that inspire, excite, and delight. We work at scale — across all devices and digital mediums, and our people exist everywhere in the world (15000+ experts across 26 countries, to be exact). Our work culture is dynamic and non-hierarchical. We are looking for great new colleagues. That is where you come in!
Job Description
Must have Skills : Security Assessment, Penetration Testing, Vulnerability Scanning, Security Testing,
Job Description : Looking for a security professional who is good at performing security testing of Applications, & Cloud Environments and articulate the findings in an easily consumable manner to the various internal stakeholders. Capability to think Out-of-the-Box and come up with attack vectors for the target components would be required for this role.
Experience and Qualifications: ·
- Should have 3-6 year of experience in application security testing of web & mobile applications (android + iOS), API and infrastructure (cloud +network + server) ·
- Through knowledge of the OWASP framework and testing guide. ·
- Hands-on knowledge of Pen testing, red team exercise, and bug hunting. ·
- Hands-on knowledge of DAST/SAST/IAST solutions. ·
- Knowledge on scripting (e.g. in python, PowerShell, JavaScript) to write automation scripts & PoCs. ·
- Knowledge on SSO and OAuth 2.0 flows would be required ·
- Bachelor degree. - Preferably in the field of Computer Science/ Computer Application/ Information & Technology/ Electronic & Communication Engineering. ·
- Security certifications i.e. OSCP, OSWE, CCSP are a plus. ·
- Experience in bug bounty hunting with well-known bug bounty platforms /vulnerability disclosure programs are a plus.
- Should be good at performing Security Testing of the following: - Web Application - API - Mobile applications (android + iOS) - Infrastructure (Server + network) - AWS, Azure and GCP environments ·
- Pen Testing and Red team exercises against assigned target scope. ·
- Write automation & PoC scripts from time to time. ·
- Should be able to perform assessment to detect open-shares and non-compliant AD accounts ·
- Pentest Identity Provider (IdP) integrated applications with SSO and OAuth. Should be well versed with the following tools: · Burp Suite · Postman ·
- VirtualBox · Kali Linux · Metasploit · Android Studio (AVD) ·
- Scripting · Tenable · AWS, Azure and GCP ·
- DAST and SAST solutions
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Android APIs Application security Automation AWS Azure Burp Suite CCSP Cloud Computer Science DAST GCP IAST iOS JavaScript Kali Linux Metasploit OSCP OSWE OWASP Pentesting POCs PostMan PowerShell Python Red team SAST Scripting Security assessment SSO VirtualBox
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.