SECURITY TEST ENGINEER/PENETRATION TESTER
Netcracker

Requirements for candidates

We are looking for experienced penetration testing specialists to join our application security team. The primary focus will be on regular security assessments of the Netcracker product suite and customer solutions (self-service portals, CRM, rating and billing systems, cloud deployments). The role offers potential for growth both in the technical domain and professionally.

What we are looking for:

  • 2+ years of experience as a penetration tester
  • Proven ability to approach black box and white box testing
  • Deep knowledge of OWASP Top 10 vulnerabilities and attacks
  • Practical experience in threat modelling
  • Hands-on experience with vulnerability scanners (static and/or dynamic) and frameworks, including but not limited to Acunetix, Trustwave, OWASP ZAP, Burp, Nmap, Metasploit Framework and code scanners like IBM AppScan, Fortify, Checkmarx
  • Hands-on experience with API penetration testing of REST/SOAP-based interfaces
  • Detailed understanding of the OAuth 2.0 protocol, the OpenID standard and the SAML standard
  • Perfect knowledge of OWASP methodology and web vulnerabilities – you can easily explain and show how they work
  • Desirable skills – Python or any other scripting language, system/network administration
  • Great if you have come across PCI, NIST guidelines including PII, ISO 2700x, cloud security, virtualization, SecDevOps, containerized deployment

Job description

  • Discovering all information on system and solution exploitability (OWASP Top 10 vulnerabilities and CWE/CVE classes such as XSS, CSRF, CRLF, SQLi, XXE, as well as less common ones such as HTTP Request Smuggling/Splitting and others) and security weaknesses from a variety of sources (technical documentation, source code, communication with project and development teams)
  • Assessing application and solution security controls against «black box», «grey box» and «white box» attacks using both manual and automated (DAST) penetration techniques
  • Source code analysis (client/server/database) for vulnerabilities using scanning tools (SAST)
  • Adjusting the penetration testing methodology according to the solution and environment architecture and threat model
  • Analysis and evaluation of 3rd-party vulnerabilities as part of product implementation processes
  • Analysis of CIS benchmarks and evaluation of results with development teams
  • Prioritization of identified vulnerabilities according to CVSS v3.1
  • Assessment of penetration test results with development teams; analysis, preparation and evaluation of mitigation options
  • Analysis and evaluation of customer and 3rd-party penetration test results
  • Contributing to the enhancement of the penetration testing process, tools and automation of SAST/DAST tools in CI/CD pipelines
  • Contributing to the enhancement of the penetration testing process for cloud products and the improvement of SecDevOps processes

What we offer

  • Competitive salary
  • Medical insurance
  • More than 300 hard and soft-skills programs by the corporate career development center
  • Open environment and encouraging knowledge sharing culture
  • Opportunity to practice foreign languages daily
  • Flexible working hours and an opportunity to work remotely
