Enterprise / Web Application Pen Testing Engineering

Company: Sarian, Inc.

Location: Sunnyvale, CA 94087

Description:

6+ years as a principal security consultant or at a senior level
Experience manually testing web applications or enterprise penetration testing
Experience with a scripting language (e.g. Perl, Python, PHP, Ruby) and a programming language (e.g. Java, Objective-C)
Proficiency in Mac OS X and/or other flavors of UNIX
General understanding of AWS services (such as EC2, S3, KMS, RDS) and security best practices relevant to those services
Ability to explain basic networking concepts (routing, ACL, load balancers, SSL/TLS, TCP) to provide application architecture feedback
Background in web application development and/or code auditing strongly preferred
Strong verbal & written communication skills
Passion for discovering and researching new vulnerabilities and exploitation techniques
Strong knowledge of the OWASP Top 10 and CWE Top 25 vulnerabilities (such as XXE, XSS, SQLi, etc.)

Scoper
Ability to ascertain and clearly articulate the size and scope of an assessment
Strong verbal & written communication skills
Strong understanding of Web and Mobile appsec testing and vulnerabilities
General understanding of secure network architecture and design
General knowledge of common web technology stacks (LAMP, LEMP, MEAN, etc.)
General understanding of AWS services (such as EC2, S3, KMS, RDS) and security best practices relevant to those services
