A well established Pentasia client is on the lookout for an AppSec Security Engineer.
You will be responsible for qualitative testing of our web application security at various stages of the Software Development Life Cycle (SDLC).
You will be tasked with helping to strengthen the company’s security posture through penetration testing, automated (and semi-automated) tooling, tracking identified vulnerabilities, and providing resolutions.
THE JOB AT HAND:
- You will help bridge the gaps between Operations, Engineering, Development, Product, Security and the rest of the business to create a secure and stable network & infrastructure.
- You will also review product requirements and perform risk assessments on planned application changes.
- This role requires a highly collaborative approach paired with excellent communication skills to balance trade-offs, push back, and even negotiate to get things done.
THE CHALLENGE AHEAD:
- Managing integration and use of AppSec related tooling such as Static or Dynamic Application Testing tools
- Proven past participation in bug bounty, CTFs, ethical hacking, or contributing to other security related research activities
- Hands-on experience working in cloud-hosted environments, such as Amazon Web Services (AWS)
- Subject matter expertise in application vulnerability scanning and penetration testing remediation, taking charge of the bug intake and remediation process for the organisation
- Responsible for upholding code review practices across all code platforms
- Conducting Risk Assessments as part of a larger Risk Management framework
- Relevant qualifications such as OSCP are considered an asset.
AN IDEAL PROFILE MIGHT LOOK LIKE:
- Proven working experience in an AppSec role
- Experience working with diverse AppSec frameworks and methodologies such as the OWASP Top 10 and MITRE ATT&CK
- Experience working with diverse automated or manual AppSec testing tools, including tools offered in Kali/Parrot OS such as sqlmap, Metasploit, wfuzz, Burp Suite
- Experience writing scripts and/or vulnerability POCs in PHP, Python, or Bash.