Responsibilities:

Join planning sessions and walkthroughs to understand scope and requirements.

Map out how the application works by exploring it (both public and logged-in areas).

Review the source code to spot potential risks.

Record and analyse traffic between client and server using tools like proxies and sniffers.

Run vulnerability scans using commercial, open-source, and proprietary tools.

Manually check scan results to remove false positives.

Analyse the application’s code using static code analysers.

Test for common security issues, such as:

    Authentication & authorisation flaws
    Session & configuration management weaknesses
    Input validation & sensitive data handling issues
    Cryptography & exception handling gaps

Requirements:

At least 3 years in penetration testing.

Manual exploitation of vulnerabilities following OWASP Top Ten standards.

Practical experience finding and exploiting web app and API vulnerabilities (mainly manual testing, ~90%, with some automated testing, ~10%).

Strong experience in application security testing and secure code review.

Hands-on experience with vulnerability scanners, static code analysers, and network sniffers.

Knowledge of secure coding practices and how to detect vulnerabilities.

Ability to work with global teams and deliver high-quality work to a high standard.

Attention to detail, documentation, and communication skills.

Oliver James Associates