Application Security - Senior Associate

  • Sector: 专业服务
  • Contact: Vina Katrina Tapales
  • Location: 菲律宾
  • Salary: Negotiable
  • Expiry Date: 04 October 2022
  • Job Ref: BBBH404677_1663669036
  • Contact Email: vina.tapales@monroeconsulting.com.ph

Executive recruitment company Monroe Consulting Group Philippines is recruiting on behalf of one of the top professional service companies and brand of firms around the globe. Our reputable client is looking for Application Security - Senior Associate for dayshift and hybrid setup. Company is based in Makati City.

Key Job Responsibilities:

  • Conduct cyber-attack simulations as part of the RED team activity
  • Conduct Vulnerability Assessment (VA) and Penetration Testing (PT) and configuration review for network, web, mobile and thick-client applications, APIs, POS etc
  • Conduct source-code review using automated and manual approaches, review results to eliminate false positives
  • Conduct configuration reviews for OS , DB, Firewall, routers, Switches and other security devices/components
  • Perform manual testing of web applications
  • Prepare detailed reports and ensure timely delivery of status updates and final reports to clients
  • Discuss findings with client stakeholders and explain recommendations
  • Keep abreast of the latest IT Security news, exploits, hacks
  • Prepare Threat Intelligence reports for newly discovered threat agents, exploits, attacks

Key Job Requirements:

  • Bachelors in Computer Science/IT/Electronics Engineering or equivalent University degree.
  • Minimum of 3-4 years of experience in the Security testing areas.
  • Certifications: CREST CRT, CREST CPSA, Offensive Security Certified Professional (OSCP), GIAC Certified Web Application Defender (GWEB)
  • Other Certifications: OSWP, BSCP, Certified Red Team Professional
  • Thorough and practical knowledge of OWASP, network protocols, data on the wire, and covert channels
  • Hands on experience with popular security tools - Nmap, Nessus, Kali, Metasploit, BurpSuite, Netsparker, OWASP CSRF Tester, Fortify/Checkmarx, SonarQube, Synopsys, SQLite browser, Drozer
  • Working knowledge of manual testing of web applications
  • Understands Software Development Life Cycle and SOAP, REST and GraphQL APIs
  • Skills in performing VAPT for Web applications, Mobile applications, APIs, Network infrastructure, Thick client applications
  • Good knowledge of modifying and compiling exploit code
  • Good understanding and knowledge of codes languages
  • Has practical experience in auditing various OS, DB, Network and Security technologies
  • Strong understanding Unix/Linux/Mac/Windows, operating systems, including bash and Powershell
  • Experience in at least three of the following:
    • Set up and operate red team infrastructure
    • Perform targeted, covert penetration tests with vulnerability identification, exploitation, and post-exploitation activities
    • Email, phone, or physical social-engineering assessments
    • Developing, extending, or modifying exploits, shellcode or exploit tools
    • Reverse engineering malware, data obfuscators, or ciphers
    • Strong credentials in wireless, web application, and network security testing
    • Familiar with MITRE ATT&CK framework and D3FEND matrix