Старый 09.06.2016, 13:10   #1
thiumma
 
Регистрация: 09.06.2016
Сообщений: 2
Репутация: 0
По умолчанию Seeking Part-time Penetration Tester for Security Company

We are looking for a highly motivated and qualified security professional with hands-on experience performing vulnerability assessments who possesses a thorough working knowledge of common commercial and/or open source vulnerability assessment tools and techniques used for evaluating operating systems, databases and web applications. (E.g. penetration testing methods related to web application mapping, reviewing client-side controls, testing user-input fields, and attacking session management, authentication, access controls, encryption, and backend databases/data stores). Candidates must have at least 3 years of current experience performing penetration tests, and have experience using both open source and commercial testing tools. Candidates should be familiar with manual testing techniques and be able to conduct penetration testing without data from vulnerability scanning engines.

The role primarily concentrates on some network penetration testing, but mostly on web application penetration testing based on OWASP testing guidelines. The role also acts as liaison and SME to in-house groups of development engineers in IT with scant understanding of SAST, DAST, RASP and IAST practices, and will coordinate with teams to raise the level of application security skills, process, review and reporting.

The candidate will provide technical information system security testing in support of the appropriate security risk management processes. Techniques used in the security assessment and technical testing efforts include in-depth network and application vulnerability testing (both automated and manual testing), demonstrable false positive validation. Automated testing will include tools such as: Whitehat Security, Cenzic Hailstorm, BurpSuite Professional, DBProtect, Core Impact, Nmap, Metasploit, and other such tools as found in the BackTrack and Samurai Web Testing Framework distributions, etc. The candidate will be required to develop documentation in support of testing efforts that may include: Test Plans, Preliminary Findings Reports, Security Assessment Reports, and other, similar test artifacts,

The ideal candidate is a dedicated self-starter with interest in application security and IT infrastructure vulnerabilities and willingness to take on complex issues and resolve them in a timely manner. The candidate must have the aptitude to learn new concepts quickly with enough background knowledge in the operations field in order to understand new information technology security concepts and technology ramifications.

The role helps to maintain enterprise information security policies, technical standards, guidelines, procedures, and other elements necessary to support information security in compliance with established company policies, regulatory requirements, and generally accepted information security controls.


Responsibilities
Web application security assessments (XSS, CSRF, SQL-Injections, etc. via manual testing)
Web vulnerability scans
Asset identification, network discovery, and software inventory
Identification of misconfigured software
Assessments of patching program effectiveness
Participation in incident response and remediation efforts
Analysis of hacking, penetration and defense threats
Maintenance of relevant exploit databases
Infrastructure assessments and pen-testing and vuln. assessment
Other duties as assigned


Required Skills/Qualifications:
Minimum of 3+ years of relevant experience, additional years a plus
Thorough understanding of Networking Protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols, etc.)
Hands-on experience using a major Enterprise Web Scanning Tool: e.g., HP WebInspect and/or IBM Appscan, Webinspect, Accunetix, NTO Spider etc.
Familiarity with one major SAST tool or service (Veracode and/or HP Fortify)
Familiar with vulnerability assessment, confirmation, and validation tools, processes, methodologies, and strategies, including static and dynamic analysis tools/techniques
Complete Familiarity with the Open Web Application Security Project (OWASP)
Some actual experience with Code reviews of Perl, Python, Ruby, Java, HTML, CSS, ASP, ASP.NET, Cold Fusion, Oracle, T-SQL, SQL and other languages and identification of code logic flaws
Familiar with vulnerability reporting, tracking, management, and remediation processes, methodologies, and strategies
Familiar with host and vulnerability discovery strategies, processes, and best practices
Familiar and have had pen-tested experience against Windows, Linux, OSX, and mobile platform environments
Familiar and have had pen-testing experience against common network topologies and implementations (e.g., Infrastructure, DMZs, Zones, Wireless, etc.)
Familiar with Network scanning (e.g. Qualys, Nexpose, Saint, Rapid7 etc.)
Web application encryption/tokenization skills


Strongly Desired Skills
Prior programming experience
Familiar with common security implementations and their associated gaps (e.g., Active Directory, OpenLDAP, Centralized DNS, PKI, SSL, SAML, OAuth, REST, SSO, OpenID 2.0/OpenID Connect etc.)
Experience with Cold Fusion, PHP, ASP.NET, VB 6, VB.NET, T-SQL, Postgres, PL/SQL/MySQL, HTML, jQuery, JavaScript and AJAX.
Knowledge of threat modeling or other risk identification techniques
Familiar with network penetration testing tools, processes, methodologies, and strategies
Familiar with security exercise tools, processes, methodologies, and strategies

Type: part-time job, remote accepted

Contact person: Louise Miller pchelinno<at>gmail<dot>com
thiumma вне форума   Ответить с цитированием
Старый 10.06.2016, 04:34   #2
thiumma
 
Регистрация: 09.06.2016
Сообщений: 2
Репутация: 0
По умолчанию

We understand that the most talented professionals enjoy the freedom and anonymity. Therefore we are ready to consider an anonymous partnership as it will be possible.
Just email us the definition of acceptable conditions of cooperation and your contact in jabber or any other messenger which you prefer to use for communication.
Don't hesitate to contact.
thiumma вне форума   Ответить с цитированием
Старый 24.06.2016, 17:27   #3
HeartLESS
 
Регистрация: 25.04.2012
Сообщений: 101
Репутация: 31
По умолчанию

Why don't you demand on 15 years of html5 experience? Several years of TV, XBOX, PS4 and refrigerator pentesting?
Also code analysis of pascal, c/c++, go, f#, brainfuck and ook. And lisp.
__________________
Jokester: Ок, с тобой проще согласиться чем переубедить. :)
HeartLESS вне форума   Ответить с цитированием
Старый 24.06.2016, 22:17   #4
crlf
 
Аватар для crlf
 
Регистрация: 29.09.2015
Сообщений: 101
Репутация: 17
По умолчанию

Don't forget VHDL and FPGA, it's very important!
crlf вне форума   Ответить с цитированием
Ответ

Опции темы Поиск в этой теме
Поиск в этой теме:

Расширенный поиск
Опции просмотра

Ваши права в разделе
Вы не можете создавать новые темы
Вы не можете отвечать в темах
Вы не можете прикреплять вложения
Вы не можете редактировать свои сообщения

BB коды Вкл.
Смайлы Вкл.
[IMG] код Вкл.
HTML код Выкл.

Быстрый переход



Powered by vBulletin® Version 3.8.5
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd. Перевод: zCarot