Senior Engineer, Web Application Penetration Tester

Company: News Corp
Location: Princeton
Posted on: August 7, 2022

Job Description:

Currently seeking Senior Engineer-Web Application Penetration Tester, to join our CyberSecurity Security team, based in the US. The ideal candidate will possess a deep understanding of attack surfaces in modern compiled applications and operating systems.

Candidates must demonstrate the ability to analyze closed source applications using several off-the-shelf or custom developed tools. Additionally, the ideal candidate will be able to demonstrate exceptional organizational skills, work efficiently under minimal supervision, be able to deliver results that meet or exceed organization's expectations, be a strong team player, and actively participate in a fast-paced and challenging global environment.

Key Responsibilities:

Have a passion for breaking into websites and keen interest in information security.

Have a strong understanding of how web applications, both server side, and Single Page Applications function hosted in the cloud.

Have a keen eye towards business logic attacks.

Ability to perform web, mobile and API penetration testing

Intricate know how of BURP Suite Pro security tool

Prior corporate Experience of web penetration testing applications is required including PCI environments.

Deep understanding of OWASP top ten vulnerabilities.

You follow the bug bounty community closely to understand the latest hacking techniques.

Familiarity with manual code review techniques.

Strong plus familiarity with NodeJS, C#, PHP, Python, JAVA languages.

Familiarity with AWS ,Azure cloud

Requirements:

Atleast have a Bachelor's degree in computer science, software engineering or equivalent experience

Atleast have 5 to 7 years of Penetration testing experience (web, mobile, api)

Intricate know-how of BURP Suite Pro security tool and other Pen testing tools.

Ability to clearly state defensive techniques for discovered vulnerabilities.

Ability to communicate clearly how to remediate an issue.

Knowledge of how to write formal penetration reports and convey impact to business leaders.

Strong plus familiarity with NodeJS, C#, PHP, JAVA languages.

Strong plus familiarity with SWIFT, Objective-C, Kotlin languages (for mobile testing)

Expected to have some level of Python coding skills

Understanding of AWS IAM and AWS services is required. Other cloud platforms and plus.

Familiar with DNS Enumeration and supporting tools such as OWASP AMASS, Recon-Ng etc.

Experience with Gobuster, web fuzzing tools, nmap, password guessing/cracking and other common security tools.

Command line skills including writing bash scripts, powershell and ability to parse data from output of tools and logs

Some network penetration testing required.

Attend security conferences and CTF events regularly.

Desired Certifications :

GWAPT, GPEN,Offensive Security Web Expert (OSWE) , OSCP.

GIAC Cloud Penetration Testing (GCPN) is a huge plus.

Cloud Certifications good to have

PI186508219

Keywords: News Corp, Trenton , Senior Engineer, Web Application Penetration Tester, IT / Software / Systems , Princeton, New Jersey