Web Assessment engineer Offline

Web vulnerability assessments and penetration testing of internal products:

 

• Black-box pen test of WEB services and server infrastructure;

• Black-box/Grey-box security validation of cloud-based infrastructure;

• Enterprise IT infra penetration testing

 

Major Requirements:

 

• Black-box and white-box web penetration testing and vulnerability assessment experience;

• Black-box penetration testing experience with cloud infrastructures and services;

• OWASP Top-10: understanding of common Web Application vulnerabilities;

• DB: understanding of database operation (pref. PostgreSQL, MongoDB, MySQL, SQLite, MS SQL);

• Good technical English

 

Optional Requirements:

 

• security background (University, relevant prior employment, community activities, CTF);

• cryptography: understanding of crypto primitives and protocols (SSL/TLS, authentication & authorization protocols, crypto algs.);

• strong understanding of REST, SOAP operation;

• penetration testing experience with solutions hosted on popular cloud platforms (Alibaba, GCP, Azure, AWS);

• toolset: hands-on experience with Burp, scripting (Python), assessment automation tools (fuzz, scan);

• network security: understanding of WAF, CDN, IPS/IDS operation and weaknesses;

• understanding of Devices-to-Cloud Services assessment principles;

• understanding of OSINT tools and techniques

 

Benefits:

 

• competitive salary, annual salary review, annual bonuses

• 28 paid working days of annual vacation and sick leave

• opportunity to become an inventor of international patents with paid bonuses

• medical & life insurance for employees and their children

• paid lunches

• discounts on Samsung products, gym, restaurants, services

• English language courses

• regular education and self-development on internal courses and seminars

The job ad is no longer active
