Senior Penetration Tester (offline)

Requirements:
• 5 years of experience in Information Security
• Strong expertise in performing security analysis, identifying possible vulnerabilities, and creating Vulnerability Assessment reports
• Skilled in using various tools such as Automatic Scanner, NMAP, Dirbuster, Qualys, Nexpose, Nessus, BurpSuite, Metasploit, etc. for web application penetration tests and infrastructure testing
• Experience & knowledge in performing scanning, data analysis, and taking remediation steps
• GIAC Certified Penetration Tester (GPEN), GIAC Web Application Penetration Tester (GWAPT), and GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) certifications are much appreciated

Responsibilities:
• Perform security analysis and identify possible vulnerabilities in the key derivation function; create Vulnerability Assessment reports detailing the exposures identified, rating the severity of the system, and suggesting mitigations for any exposures; test known vulnerabilities
• Identify OWASP Top 10 issues such as SQLi, CSRF, XSS, Path Manipulation
• Perform pen tests on different applications
• Perform grey box, black box testing of the web applications
• Create written reports, detailing assessment findings and recommendations
• Find website security issues (XSS, CSRF, session fixation, SQL injection, information leakage, application logic, etc.) across various platforms
• Perform risk assessments to ensure corporate compliance
• Controls on session management like Server-side session states, session termination, Session ID randomness, expiration, Unique tokens, concurrent logged in session, session fixation prevention
• Perform Static assessment of various applications by Static code analyzers
• Perform Dynamic assessment of applications by code analyzer tools and verify false positives
• Develop threat modeling framework (STRIDE, DREAD) for critical applications to identify potential threats during the design phase of applications
• Perform static code reviews with the help of automation tools
• Perform the penetration testing of mobile (Android and iOS) applications, specifically, APK reverse engineering, traffic analysis and manipulation, dynamic runtime analysis
• Execute daily vulnerability assessments, threat assessment, mitigation and reporting activities to safeguard information assets and ensure protection has been put in place on the systems
• Perform, review and analyze security vulnerability data to identify applicability and false positives
• Work closely with research and development teams for vulnerability remediation
• Plan and design the Vulnerability Assessment process
• Work with other employees to improve the level of cybersecurity
• Analyze and assess risk in the environment
• Identify issues in the web applications in various categories like Cryptography, Exception Management
• Work with software development teams, DB/Unix administrators and solution architects as a subject matter expert related to security compliance with PCI DSS and industry standards
• Analyze parsed data from Qualys for Vulnerability Remediation
• Work on Vendor based Applications, Middleware and layer products
• Provide both strategic analysis and near real-time auditing, investigating, reporting, remediation, coordinating and tracking of security-related activities for customer
• Analyze data and prepare reports that document vulnerabilities from network-based attacks and recommend actions to prevent, repair or mitigate these vulnerabilities
• Perform remediation activities for Applications, OS, Database, Middleware, Digital Certificate, Layer Products, Java
• Identify issues on sessions management, Input validations, output encoding, Logging Exceptions, Cookie attributes, Encryption, Privilege escalations
• Proactively identify system vulnerabilities to reduce or eliminate potential exploitation using Qualys and Passive Vulnerability Scanning
• Work on Enterprise Release Management and Governance activities
• Work closely with all competency teams to effectively and efficiently remediate vulnerabilities

We offer:
• Official employment & social guarantees
• Flexible work hours and remote working days
• 31 calendar days of vacation
• Medical insurance
• Professional trainings
• Free mobile communication & discounts for family members
• Active corporate life
You are welcome to send us your CV with your salary expectations.

About Vodafone Ukraine

Vodafone is an international company that provides communication services and creates useful IT products.

Our goal is to be the best for our customers and employees.

We set global standards that others follow, and we invent and implement new, interesting technologies and services in as many as 80 countries around the world. That is why we always need true professionals.

Company website:
https://career.vodafone.ua/

DOU company page:
https://jobs.dou.ua/companies/vodafone-ukraine/vacancies/?from=jobs-logo

The job ad is no longer active
Job unpublished on 2 July 2021
