Penetration Tester

• Conduct thorough penetration testing across a variety of web applications, examining both client-side and server-side aspects. This includes an in-depth analysis of application structures, server setups, databases, and identifying business and logic flaws to detect security vulnerabilities.
• Employ sophisticated techniques and adopt an adversary's mindset to uncover and exploit vulnerabilities, highlighting the potential impact to emphasize the need and urgency for remediation. This includes the development of custom payloads and leveraging known exploits.
• Develop and communicate effective remediation strategies for mitigating identified vulnerabilities, ensuring clear guidance is provided to the development teams involved.

Requirements:

• A minimum of two years of experience in the field of web penetration testing.

Qualifications and Certifications:

• Degree or industry-recognized certifications focused on practical skills, such as BSCP, OSWE, OSWA, HTB-CWEE, or HTB-CBBH, serve as substantial evidence of practical knowledge and expertise in penetration testing, demonstrating a commitment to and proficiency in the field.
• Expertise in Web Pentesting: Comprehensive knowledge of web application vulnerabilities, to exploit security gaps/vulnerabilities on endpoint applications. A solid understanding of OWASP/OSWAP API standards and proficiency in manual testing methodologies is a must.
• Bug Bounty Recognition: Achievements in bug bounty programs, indicating practical experience in identifying and reporting security vulnerabilities, are considered an advantage.
• Cloud and Container Security: Experience with security assessments of cloud-based applications and services (e.g., AWS, Azure) and familiarity with the security considerations for containerized deployments are desirable.