91爆料

    欲随时了解新空缺职位
    加入我们的人才交流群

    Web Application Pen tester

    Mumbai, Maharashtra, India

    Web Application Pen tester

    • 202406194
    • Mumbai, Maharashtra, India
    • Closing on: Jan 3 2025

    Description

    Summary of Role :
    A web application penetration tester is responsible for assessing the security of web applications to identify vulnerabilities and weaknesses that could be exploited by attackers. Their role involves conducting thorough assessments and penetration tests to uncover potential security risks and provide recommendations for mitigation.
    The role will work closely alongside the rest of the Penetration Testing team, Business units and other Cyber team.
    We are looking for a collaborative team player, with a good technical knowledge in web application penetration testing. The successful candidate will contribute to and work as part of a global multi-disciplined security community with clear vision and direction, and top-down support across the business.?

    The Role:

    Responsibility:

    • Vulnerability Assessment: Conducting comprehensive assessments of web applications to identify security vulnerabilities, such as cross-site scripting (XSS), SQL injection, authentication flaws, and insecure configurations and use these to penetrate deeper into the application/server.

    ?

    • Penetration Testing: Performing controlled attacks on web applications and APIs to simulate real-world hacking attempts and identify potential entry points for attackers. This involves utilizing various techniques, tools, and methodologies to exploit vulnerabilities and gain access.

    ?

    • Security Analysis: Analyzing the results of penetration tests to assess the severity of identified vulnerabilities, their potential impact on the system and the business, and the likelihood of exploitation.

    ?

    • Reporting and Documentation: Preparing detailed reports that document the findings, including identified vulnerabilities, attack vectors, and recommendations for remediation. These reports typically outline the risks associated with each vulnerability and provide guidance on how to mitigate them.

    ?

    • Remediation Support: Collaborating with developers and system administrators to assist in the remediation of identified vulnerabilities. This may involve providing guidance on secure coding practices, recommending security controls, or validating the effectiveness of implemented fixes.

    ?

    • Stay Up to Date: Keeping abreast of the latest web application vulnerabilities, attack techniques, security tools, and industry best practices. This includes staying informed about emerging threats and trends in web application security.

    ?

    • Ethical Approach: Conducting all testing and assessment activities within a legal and ethical framework, ensuring that the organization's systems and data are not compromised or harmed during the process.

    ?

    • Continuous Improvement: Engaging in professional development activities, such as attending conferences, participating in training programs, and obtaining relevant certifications, to enhance knowledge and skills in web application security.
      ?

    The Requirements

    Minimum Criteria:

    • Education: A bachelor's degree in a related field such as computer science, information security, or cybersecurity is commonly preferred, but not always mandatory. Relevant industry experience can compensate for formal education requirements.
    • Technical Knowledge: A strong understanding of web technologies, programming languages (e.g., HTML, CSS, JavaScript, PHP, Python), and web application architecture is essential. Knowledge of networking fundamentals, operating systems, and databases is also beneficial.

    Skills:

    • Web Application Security: In-depth knowledge of web application vulnerabilities, common attack techniques, and mitigation strategies. Strong understanding of OWASP Top 10 vulnerabilities is crucial.
    • Penetration Testing Techniques: Proficiency in various penetration testing methodologies, tools, and frameworks. Experience with manual testing techniques, automated vulnerability scanners, and exploit frameworks is necessary.
    • Programming and Scripting: Proficiency in at least one programming language (e.g., Python, Ruby, or JavaScript, etc) to write custom scripts and tools. Understanding SQL queries for database testing is also important.
    • Analytical and Problem-Solving Skills: Ability to analyze complex web application environments, identify vulnerabilities, and exploit them. Strong problem-solving skills to understand attack vectors and recommend appropriate countermeasures.

    Holds relevant industry certification/s or equivalent like the following:

    • CEH – Certified Ethical Hacker
    • OSCP – Offensive Security Certified Professional
    • GPEN – GIAC Penetration Tester
    • Burp Suite Certified Practitioner
    • eWAPT/eWAPTx – elearning Web Application Penetration Tester

    ?

    Practical experience gained through participation in bug bounty programs, capture-the-flag (CTF) competitions, and real-world projects can also be valuable in showcasing skills and expertise.

    Qualifications

    • A bachelor's degree in a related field such as computer science, information security, or cybersecurity is commonly preferred, but not always mandatory. Relevant industry experience can compensate for formal education requirements.

    Apply Now

    不是你?

    谢谢

    自主投递说明

    自主投至韦莱韬悦公司网站或员工公司邮箱的个人简历或申请人档案将视为归韦莱韬悦所有,我们无需为此向代理招聘机构支付费用。韦莱韬悦授权的代理招聘机构或猎头公司须持经由韦莱韬悦授权招聘官签署的有效正式书面合同,且须仍与韦莱韬悦保持合作关系。简历须按照我们的申请人提交流程进行提交,包括针对特殊招聘提交的简历。代理招聘机构或公司如不按申请流程提交简历,韦莱韬悦将不会为此支付招聘费用。韦莱韬悦提倡公平招聘。如您希望我们保存您的联系信息,以备日后有合适机会时与您联系,请发送邮件至:Agency.inquiries@willistowerswatson.com

    我们的机构

    我们的同事遍及全球140多个国家及市场。我们的业务已基本全面实现国际化,为协作与发展创造了绝佳机遇。查看以下地图,了解韦莱韬悦可以在哪里为您提供机遇。

    认识我们的员工