Senior Penetration Tester

Knoldus Inc.

Quality Assurance
Ho Chi Minh City, Vietnam
Posted on Aug 28, 2024

A Senior Penetration Tester, also known as a senior pen tester, is responsible for evaluating the security risks of web and mobile applications by safely trying to exploit vulnerabilities in the application services as well as application flaws, improper configurations, or risky end-user behavior.

Job Description

  • Participate in client meetings to discuss and agree on the security testing approach and estimation for new security test opportunities.
  • Plan and perform security testing of application designs, source code and deployments, covering web applications, web services and mobile applications in software development.
  • Analyse security requirements from the software development team to define the security software testing approach.
  • Do black box and white box security testing for web and mobile applications.
  • Follow up with the project team to verify the security risks.
  • Mentor and coach the project team to review code and troubleshoot security risks.
  • Build up the security testing knowledge in the team.
  • Perform other tasks assigned by the Line Manager.

Qualifications

  • University level with a bachelor's degree in computer science or equivalent.
  • From 4 to 6+ years of working experience in software testing or IT.
  • From 2 to 3+ years of hands-on experience in application security testing.
  • Good English communication (written and oral).
  • Strong knowledge of security principles, techniques, and technologies (OWASP Top 10 for web applications or mobile applications).
  • Hands-on experience in security testing for web or mobile applications based on OWASP Top 10.
  • Strong experience with network protocols.
  • Good knowledge and understanding of programming languages.
  • Excellent problem-solving skills and attention to detail.
  • Experience using the tools: ZAP, Acunetix, Burp Suite, Netsparker, N-Stalker, sqlmap, Kali Linux.
  • Holder of industry certifications: CISSP, CEH, SCP, GIAC, CompTIA Security+.