Intern QA Engineer testing web and mobile applications, while collaborating with delivery teams at Flutter Entertainment. Responsible for executing and developing tests to ensure product quality.
CT
Hybrid Vulnerability Assessment and Penetration Testing Engineer
Posted 2 weeks ago
About the role
- Vulnerability Assessment and Penetration Testing Engineer in Manila for Continent 8’s Managed Security Services team. Responsible for identifying security weaknesses and ensuring protection against threats.
Responsibilities
- Oversee the planning, execution, and reporting of VAPT tests, ensuring that testing activities align with best practices and meet the organization's goals.
- Collaborating with stakeholders to define project scopes, objectives, and timelines for vulnerability assessments and penetration tests.
- Conducting vulnerability assessments, code reviews and penetration tests against web technologies, services, platforms and languages to find flaws and exploits (e.g., SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, Clickjacking, Authentication/Authorization, Privilege Escalation, Business Logic Bypass, OWASP Top 10, SANS Top 25 etc.).
- Implementation and utilisation of web application vulnerability scanning tools (e.g. Invicti DAST Scanner, SoapUI, Burp Suite Pro, Checkmarx etc.) to automate the process of VAPT testing.
- Act as a domain expert around vulnerability and penetration testing.
- Create risk assessments to evaluate the severity and potential impact of identified vulnerabilities, considering factors such as exploitability and potential business impact.
- Provide remediation guidance to technical teams and customer stakeholders on the appropriate steps to remediate identified vulnerabilities effectively.
- Generate comprehensive and actionable reports from penetration tests and vulnerability assessments, communicating findings to relevant stakeholders.
- Continuously assess and enhance the VA/PT processes, methodologies, and tools to adapt to emerging threats and improve efficiency.
- Collaborate with the customer’s IT teams, development teams, and other stakeholders to ensure security considerations are integrated throughout the software development lifecycle.
- Stay informed about the latest threat intelligence and attack trends to guide testing efforts and prioritize critical vulnerabilities.
- Ensure that vulnerability assessments and penetration tests align with industry standards, regulations, and compliance requirements.
Requirements
- Proven track record 5+ years of experience in vulnerability scanning, analysis & penetration testing of websites, cloud hosted applications, APIs and networks (etc.)
- Excellent understanding of common app/apis/network vulnerabilities & attacks (OWASP Top 10s, SANS Top 25, CVEs, CWEs..)
- Hands on experience with popular security tools – Nessus, Burpsuite, Netsparker, Metasploit, KALI Linux, Sn1per, Maltego (non-exhaustive list)
- Knowledge of manual testing of web applications
- Knowledge of DevSecOps and integrating security into CI/CD pipelines
- One or more of the following certifications: GWAPT, CEH, OSCP, SANS, CISSP, GXPN, OSCE (or qualified work experience).
- Expert-level experience and very detailed technical knowledge in at least 3 of the following areas: General information security. Security engineering. Application architecture. Authentication and security protocols. Application session management. Applied cryptography. Common communication protocols. Mobile frameworks. Single sign-on technologies. Development frameworks (Angular, React, etc.).
- Strong scripting skills (e.g. Python, Perl, Shell script, JavaScript).
- Knowledge of a Structured Query Language.
- Good knowledge of modifying and compiling exploit code
- Hands on experience of working in Windows and Linux
- Has practical experience in auditing various Operating Systems, Databases, Network and Security technologies
- Had exposure in Ethical Hacking competitions and programs like Bug Bounty, Capture the Flag etc.
Benefits
- Professional development opportunities
- Flexible work arrangements
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Looking for a Mystery Shopper to assess customer service quality in Bludenz. Join our team to help improve services for various renowned companies.
QA Tester ensuring quality software for mobile applications at JustDice GmbH. Working in a hybrid environment, collaborating closely with development and product teams for continuous improvement.
Staff Quality Engineer leading quality and compliance strategies within a key role at Integra LifeSciences. Driving improvement objectives across multiple design and manufacturing facilities.
QA Engineer focusing on quality assurance in a dynamic environment at BT Group. Collaborating with teams to enhance software reliability and product release confidence.
Senior QA Engineer at Pitch enhancing software testing and QA processes. Collaborating with multiple teams to ensure quality and performance of applications through automated testing.
Software Dev QA Developer at Fortinet running tests on FortiGate products. Collaborating with developers and researching new cybersecurity technologies.
Fortinet is looking for a QA Engineer to execute testing on network security products. The role involves manual and automated testing in a collaborative environment.
Quality Assurance Intern assisting with QA in trial master files and software testing. Working under the Director of Education and Training to learn about QA practices and regulations.
Quality Assurance Engineering Manager leading QA/Testing center of excellence for security solutions. Ensures highest quality of software and hardware products with hands - on leadership in Agile environment.