Senior Web PT expert

A senior application security member should have a deep understanding of web application PT techniques, Tools and languages such as JS/PHP/Java/etc. Candidate should have developmental abilities in Python/Perl/Ruby or/and C/C++. Experience researching and developing application related (web/mobile) exploits. Experience with end-to-end project execution and good writing skills for reporting.
She/He/They will be leading and participating in Application PT engagements:

· Initial and status calls with clients (Understand the scope and any requirements from the client)

· Prepare a work plan/checklist for each project in order to estimate time lines and objectives

· Perform the tests (Could be white/gray/black box testing)

· Creating and modifying payloads/attacks to bypass AV/WAF systems

· Track and log every (major) action taken with time stamp

· Perform a clean-up at the end of each engagement

· Write a report to be delivered to the client (contains both executive summary and full technical report)

Some of our projects are done remotely from Israel while some are done locally at the client’s site, it is expected from the candidate to be sent abroad occasionally.

§ 3+ Years Hands-on experience in performing Application Penetration Tests (including Web, APIs, Android & iOS).

§ In depth familiarity of Application level vulnerabilities (CSRF, XSS, XXE, SSRF, SQL Injections, Business logic-based vulnerabilities etc.) and mitigations based on industry best practices (OWASP top 10, SANS, NIST).

§ Experience with web application development – examples: Java, ASP.NET, PHP, Python, JS.

§ Understanding of network protocols.

§ 3+ years of hands-on experience in the financial / Defense / Hi-Tech / Military sectors.

§ Experience with leading project from end-to-end (Scoping, Resources allocation, Supervising, Deliverables)

§ Excellent technical writing skills in English and Hebrew

Advantages

§ Knowledge in the field of secured programming and secured software coding (SDLC).

§ 1+ years of leading a technical team.

§ Experience in Objective-C/JAVA

§ Mobile Penetration Testing.

§ One of the following certifications: OSCP, OSCE, OSWE, eCCPT, eWPTX, GWAPT, eMAPT.

§ Degree in Computer Science/IT or related field.

Administrative Prerequisites

§ Team player with excellent inter-personal skills.

§ Excellent written, reading, and verbal communication skills in both Hebrew and English.

§ The job includes international travel.

§ Ability to lead projects and communicate with executive customers.

§ Representativeness and professional appearance.