Required knowledge, Skills & Experience
• A degree-level qualification in a relevant discipline or the equivalent level of experience gained in industry. An engineering degree and/or experience is a plus, as is experience in the gas and oil industry.
• Knowledge of security best practice guidelines.
Familiarity with one or all of the following:
Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP) and National Institute of Standards and Technology (NIST) Special Publications.
• Perform manual vulnerability assessment and penetration testing of applications, produce reports and walk development team through issues.
• Experience in application security testing / penetration testing tools such as Acunetix, WebInspect, Burp Suite and Fiddler etc.
• Total of 6+ years of experience, with minimum of 4+ years in security/Penetration testing with specific application penetration testing experience.
• Certification on any of the following is desirable.
CISSP (Certified Information Systems Security Professional), CEH (Certified Ethical Hacker) or CISM (Certified Information Systems Manager).
• Possess knowledge of the agile development methodology and able to work with different scrum teams.
• Ability to solve complex technical problems and articulate to both technical and non-IT personnel.
• Provides technical guidance and mentorship to team members, as appropriate.
• Stay abreast of newer trends in tools and technologies used for web application security.
• Excellent English, with good verbal and written communication skills, expressed in a concise and accurate manner.
Personal Attributes
• Effective communication skills
• Efficiency and effectiveness
• Analytical and logical thinking
• Sense of intellectual curiosity and creativity
• Critical thought and rational enquiry
• Ability to apply basic and fundamental knowledge
• Enthusiasm for learning
• Planning and time management skills
Technical skills
• Must possess a strong knowledge of enterprise application architecture and technologies including web, web services.
• Very strong understanding of browser concepts, HTTP, HTTPS, SSL, encryption, etc.
• Experience looking for security issues such as Cross Site Scripting, SQL Injection, Cookie Manipulation, Buffer Overflows, etc.
• Relevant Security tools knowledge in some or all of the following:
Network and web application scanners
Open source security tools such as proxies, fuzzers, etc.
BackTrack, Nessus, nmap, Metasploit, vulnerability scanning tools, tcpdump, Wireshark, Nikto, etc.
Web proxy tools such as Paros and/or Burp
Source code analysers such as SONAR, VeraCode, HP Fortify Source Code Analyzer...
• Familiarity with one or all of the following: C#, C++, Java, Visual Basic, PHP, Perl, Unix shell, Python, etc.
Should be able to perform code review to identify vulnerable code snippets
Should be familiar with code analysis tools.
• In-depth knowledge of Microsoft OSs, server technologies and Linux OS
Strong knowledge of SQL Server database, applications, and web server design and implementation.
Ethical hacking, Penetration Testing
IT-Software - Software services