Mobile/Web Penetration Tester/Mobile Security Engineer
Прямой работодатель Access Softek ( accesssoftek.com )
Опыт работы от 1 года до 3х лет
Join Access Softek, an innovative software company revolutionizing digital banking with our cutting-edge online and mobile banking solutions. With a commitment to innovation through mobile-first technology, machine learning, and AI, we are seeking a Penetration Tester to ensure the security and integrity of our products. This role involves conducting rigorous penetration tests across our web and mobile banking platforms to identify vulnerabilities and improve our cybersecurity measures. As a full-time, remote position, we offer the flexibility to work from anywhere in the world, contributing to a team that reaches millions of users and prioritizes digital security and innovation.
As a Mobile/Web Penetration Tester/Mobile Security Engineer, you will help with assessing the security level of mobile applications. This position will require advanced technical depth and experience.
Responsibilities:
- Conducting comprehensive penetration tests on mobile (main responsibility) and web applications to identify vulnerabilities.
- Demonstrating considerable knowledge of planning and estimating specific to security assessment activities.
- Collaborating with technical and management personnel across the full security assessment life cycle.
- Utilize problem-solving skills, especially within troubleshooting complex issues while identifying options and/or alternatives.
- Documenting all disclosed issues using different reporting formats (e.g. available for distribution to different concerned parties: business, technicians, clients).
- Providing remediation suggestions to correct disclosed issues.
- Conducting security testing in line with QA methodology and software development technologies, ensuring thorough issue reporting, bug reproduction, and mitigation processes.
- Manage and contribute to planning, coordination, and successful completion of security engagements.
Requirements:
- At least 1 year of practical proven experience in penetration testing (including mobile).
- Ability to evaluate Web/Mobile application requirements, processes, and technologies.
- Experience in security testing of iOS and Android applications based on different technologies (Objective C, Java).
- Experience in security testing of Web Services (SOAP, RESTful, GraphQL).
- Experience in different vulnerability scanners (MobSF, Qark, AndroBugs, OWASP ZAP, Burp Suite etc.).
- Experience with exploitation tools and frameworks such as ADB, idb, Frida, Xposed, and Inspeckage.
- Understanding of mobile security testing process (e.g. OWASP Mobile Security Testing Guide, OWASP MASVS).
- Good understanding of the TCP/IP protocol stack, encryption methods, and their implementations, including symmetric vs asymmetric cryptoprotocols and SSL/TLS protocols.
- Solid knowledge of web services implementation (nginx, IIS/ASP.net, .NetCore, javascript), including HTTP/HTTPS and WebSocket protocols.
- Ability to develop custom scripts for assessment purposes using Python, Bash, PowerShell, or JavaScript.
- Knowledge of key InfoSec principles, standards (ISO/IEC 27001-27002, PCI DSS), and governance frameworks.
- Strong analytical skills to assess security vulnerabilities and execute penetration tests effectively.
Nice to have:
- Experience in AWS services and AWS-serverless stack.
- Certification in the security field.
- Understanding of and practical experience in the security audit process, meeting fintech security compliance requirements (PCI DSS).
- Previous experience as a software engineer or knowledge of software development methodologies.
- Experience in security testing of network infrastructure.
- Experience in the development of security-related documentation.
Our benefits:
- Fully remote work.
- Home office equipment (computer, additional monitor, etc.), if necessary.
- Internet compensation (50$ per month).
- Long-term employment.
- Paid vacation and days off on national holidays.
- Paid sick leave and internal medical insurance policy.
- English at special corporate rates.
- Community of practice, regular knowledge sharing among colleagues.
- Friendly and easy-going international team and colleagues.