- Offered Salary: Negotiable
- Experience: 5 Years
- Industry: Information Technology
- Qualification: Bachelor's Degree
Job Description
Role Objective:
Conduct Mobile Application Security Assessment, identifying vulnerabilities and application weaknesses.
Key Responsibilities:
- Provide a professional security assessment findings report for each engagement, listing the findings with relevant technical description, severity level and technical recommendations for remediation.
- Conduct both dynamic and static mobile application testing for both iOS and Android platforms, covering web (client side and server side), file systems and permissions, API testing and code review.
- Ability to provide proof of concept for each finding and demonstrate its impact for both client and server side.
- Conduct a briefing for the application development team, if needed.
- Follow Q-CERT Technical Security Assessment procedure.
Desirable Skills and Competencies:
- Bachelor's degree in IT with a focus on a technical or security domain.
- Above 5 years of experience in penetration testing with expertise in well-known security tools such as Nmap, Metasploit, Kali Linux, Burp Suite Pro, etc., and other commercial tools.
- Experience with Security Development Life Cycle (SDLC) and well-known security standards and best practices, such as OWASP Top 10.
- Above 2 years of experience in mobile application penetration testing, code review and reversing.
- Experience with mobile application testing and code review tools such as otool, Android SDK, etc.
- Experience with main programming languages such as C/C++/C#/ObjC, Swift, Java, PHP or .NET, as well as scripting languages such as Ruby, Python, POSIX shell, etc.
- Strong technical communication skills, including technical writing and verbal communication with other team members.
- Strong understanding of:
– Web protocols (e.g. HTTP, HTTPS and SOAP) and web technologies (e.g. HTML, JavaScript, XML, AJAX, JSON and REST)
– Mobile application risks such as Insecure Data Storage, Improper Session Handling, Insufficient Transport Layer Protection, etc.
Preferences:
Official penetration testing certificates from trusted organizations such as Offensive Security, SANS Institute.