- Manual and automated vulnerability discovery as part of penetration testing and application security reviews;
- Evaluation of security risks and recommendation of threat mitigations;
- Documentation of findings; recording of PoC videos; presentation of reports;
- Security training for internal QA and Development teams.
- Ability to manually find and exploit vulnerabilities in web, mobile, and on-premise applications;
- Experience with various penetration testing tools (Kali Linux, Burp Suite, Frida, Drozer, Metasploit, nmap, sqlmap);
- Experience with black-box and/or white-box application assessment;
- Deep knowledge of one or more operating systems (Linux, Windows, Mac, iOS, Android, etc.);
- Knowledge of different attack techniques (OWASP Top 10; WASC; SQL injection; XSS; CSRF; SSRF; XXE; HTTP response splitting; cache poisoning; code injection; MITM HTTP/HTTPS, etc.);
- Experience assessing the security of databases and directory services: SQL, NoSQL, LDAP;
- Knowledge and understanding of Application Security, System and Network Security, Authentication and Security protocols.
Would be a plus:
- Ability to manually test binaries for vulnerabilities;
- Experience with JEB, IDA Pro, Process Hacker;
- Experience with social engineering attacks.