Duration: 1Y contract with extension
The client is a world-leading tech conglomerate with its R&D lab in Brussels
We are looking for an experienced web penetration tester. In this role, the new team member will focus on testing and evaluating the security of web applications and APIs. This includes creating and executing a pen-testing plan, reporting the identified vulnerabilities and providing recommendations on how to fix them.
•Hands-on penetration testing
•Development of helper security verification tools
•Performing security design reviews of web applications and cloud deployments
•Security code reviews of web applications and/or web APIs
•Writing clear vulnerability reports and providing guidance to the development teams to help them fix the security issues
•Documentation of knowledge and findings in the form of guidelines, checklists and examples to be used by development teams
KEY SKILLS AND EXPERIENCE:
•Strong hands-on penetration skills
•Deep knowledge of application security mechanisms such as authentication and authorization techniques, data validation, output sanitization/encoding and proper use of encryption
•Excellent understanding of web applications, web browsers, web servers and frameworks
•Experience with common penetration testing tools, including Burp Suite, Nessus, sqlmap, Nmap and Wireshark
•Good knowledge of network protocols and network protection techniques (firewalls, filtering, other) and methods for bypassing them
•Deep knowledge of web service technologies such as: WebSockets, SOAP, REST, JSON, XML, etc., as well as deep knowledge of WebService security schemes: OAuth, SAML, etc.
•Good working knowledge of at least one of these scripting languages or frameworks: Python, Ruby, NodeJS, PHP
•Working knowledge of basic cryptographic principles: symmetric/asymmetric encryption, PKI, etc.
•Experience with fuzzing and security code review
•Knowledge of multiple RDBMS systems: MySQL, PostgreSQL, Oracle, etc.
•Excellent analytical skills and ability to think out of the box
•Experience with both Linux and Windows OS
HIGHLY DESIRABLE EXPERIENCE:
•Experience with AWS (including serverless architectures), GCP, MS Azure
•Mobile application security (Android and iOS)
•Experience with SAP and particularly SAP Hybris