H

PARTNER CONSULTANT - Penetration Testing

Happiest Minds Technologies · Bengaluru, Karnataka, India

6–14 yrs experiencefull_timePosted 1mo ago
Apply now →

Job description

**Job details** •        **Proposed designation:** Consultant •        **Role type:** Individual contributor •        **Reporting to :** Manager •        **Geo to be supported:** US •        **Work timings: 12 PM to 9 PM**   **Roles & responsibilities** - Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications - Perform manual security code review against common programming languages (Java, CSharp). - Perform automated testing of running applications and static code (SAST, DAST). - Experience in one or more of the following a plus: AI pen testing. - Need to work on application tools to perform security tests: AppScan, NetsSparker, Acunetix,  Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux. - Able to explain IDOR, Second Order SQL Injection, CSRF – Vulnerability, Root cause, Remediation   **Educational qualifications** - Masters (preferably in computer science or MCA) and/or B.E. / B. Tech (from a reputed University). **Work experience** •            4– 8  years of post-qualification experience with strong working knowledge on Manual Security code review. •          **Mandatory  technical & functional skills** - Strong knowledge on manual secure code review against common programming languages (Java, C#) - Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix,  Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent. - Minimum three (3) years of performing manual penetration testing and code review against web apps, mobile apps, and APIs - Minimum three (3) years of working with technical and non-technical audiences in reporting results and lead remediation conversations. - Preferred one year of experience in development of web applications and/or APIs. - should be able to identify and work with new tools / technologies to plug and play on client projects as needed to solve the problem at hand. - One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA