Application Security Associate

Job Description & Summary

Responsibilities:

• Conduct cyber-attack simulations as part of the RED team activity
• Conduct Vulnerability Assessment (VA) and Penetration Testing (PT) and configuration review for network, web, mobile and thick-client applications, APIs, POS etc
• Conduct source-code review using automated and manual approaches, review results to eliminate false positives
• Conduct configuration reviews for OS , DB, Firewall, routers, Switches and other security devices/components
• Perform manual testing of web applications
• Prepare detailed reports and ensure timely delivery of status updates and final reports to clients
• Discuss findings with client stakeholders and explain recommendations
• Keep abreast of the latest IT Security news, exploits, hacks
• Prepare Threat Intelligence reports for newly discovered threat agents, exploits, attacks

Essential Skills:

• At least 1 year of relevant experience
• Thorough and practical knowledge of OWASP, network protocols, data on the wire, and covert channels
• Hands on experience with popular security tools †Nmap, Nessus, Kali, Metasploit, BurpSuite, Netsparker, OWASP CSRF Tester, Fortify/Checkmarx, SonarQube, Synopsys, SQLite browser, Drozer
• Working knowledge of manual testing of web applications
• Understands Software Development Life Cycle and SOAP, REST and GraphQL APIs
• Skills in performing VAPT for Web applications, Mobile applications, APIs, Network infrastructure, Thick client applications
• Good knowledge of modifying and compiling exploit code
• Good understanding and knowledge of codes languages
• Has practical experience in auditing various OS, DB, Network and Security technologies
• Strong understanding Unix/Linux/Mac/Windows, operating systems, including bash and Powershell

Experience in at least three of the following:

• Set up and operate red team infrastructure
• Perform targeted, covert penetration tests with vulnerability identification, exploitation, and post-exploitation activities
• Email, phone, or physical social-engineering assessments
• Developing, extending, or modifying exploits, shellcode or exploit tools
• Reverse engineering malware, data obfuscators, or ciphers
• Strong credentials in wireless, web application, and network security testing
• Familiar with MITRE ATT&CK framework and D3FEND matrix

Education

Degrees/Field of Study required:

Degrees/Field of Study preferred: Bachelor Degree

Certifications

Required Skills

Optional Skills

Desired Languages

Travel Requirements

Not Specified

Available for Work Visa Sponsorship

No

Government Clearance Required

Yes