Associate Staff Engineer - Penetration Testing

Company DescriptionWe are a Digital Product Engineering company that is scaling in a big way! We build products, services, and experiences that inspire, excite, and delight. We work at scale — across all devices and digital mediums, and our people exist everywhere in the world (15000+ experts across 26 countries, to be exact). Our work culture is dynamic and non-hierarchical. We are looking for great new colleagues. That is where you come in!Job DescriptionMust have Skills : Security Assessment, Penetration Testing, Vulnerability Scanning, Security Testing,Job Description : Looking for a security professional who is good at performing security testing of Applications, & Cloud Environments and articulate the findings in an easily consumable manner to the various internal stakeholders. Capability to think Out-of-the-Box and come up with attack vectors for the target components would be required for this role.Experience and Qualifications: ·• Should have 3-6 year of experience in application security testing of web & mobile applications (android + iOS), API and infrastructure (cloud +network + server) ·• Through knowledge of the OWASP framework and testing guide. ·• Hands-on knowledge of Pen testing, red team exercise, and bug hunting. ·• Hands-on knowledge of DAST/SAST/IAST solutions. ·• Knowledge on scripting (e.g. in python, PowerShell, JavaScript) to write automation scripts & PoCs. ·• Knowledge on SSO and OAuth 2.0 flows would be required ·• Bachelor degree. - Preferably in the field of Computer Science/ Computer Application/ Information & Technology/ Electronic & Communication Engineering. ·• Security certifications i.e. OSCP, OSWE, CCSP are a plus. ·• Experience in bug bounty hunting with well-known bug bounty platforms /vulnerability disclosure programs are a plus.• Should be good at performing Security Testing of the following: - Web Application - API - Mobile applications (android + iOS) - Infrastructure (Server + network) - AWS, Azure and GCP environments ·• Pen Testing and Red team exercises against assigned target scope. ·• Write automation & PoC scripts from time to time. ·• Should be able to perform assessment to detect open-shares and non-compliant AD accounts ·• Pentest Identity Provider (IdP) integrated applications with SSO and OAuth. Should be well versed with the following tools: · Burp Suite · Postman ·• VirtualBox · Kali Linux · Metasploit · Android Studio (AVD) ·• Scripting · Tenable · AWS, Azure and GCP ·• DAST and SAST solutionsOriginal job Associate Staff Engineer - Penetration Testing posted on GrabJobs ©. To flag any issues with this job please use the Report Job button on GrabJobs.