Hiring Penetration Tester for Dubai

Job Description:

Your Role and Responsibilities
Who you are:
As a penetration tester you will perform security testing of IBM product and SAAS offerings in development and production environment. You will also closely work with IBM product development teams to strengthen the security posture of their products by participating in threat model, source code security testing and share best practices / lessons learnt for secure coding/design.

What you’ll do:

• Carry out application, network, systems and infrastructure penetration tests
• Review physical security and perform social engineering tests where appropriate
• Evaluate and select from a range of penetration testing tools
• Keep up to date with latest testing and ethical hacking methods
• Deploy the testing methodology and collect data
• Report on findings to a range of stakeholders
• Make suggestions for security improvements
• Enhance existing methodology material

Required Technical and Professional Expertise

• 4+ years of relevant experience in security testing
• 2+ years of relevat experience with security tools
• Web Application Penetration Testing

• Basic understanding of HTTP Protocol HTTP Methods, Request/ Response Headers, Cookies, TCP/IP connections over HTTP etc..

• Basic understanding of HTML/ JavaScript
• Good Understanding of security vulnerabilities.
• OWASP Top 10 vulnerabilities
• Automated Testing

• Must to have knowledge of at least one of IBM AppScan OR BurpSuite scanner., ZAP scanner(Good to have knowledge of both the tools.)
• Should be able to configure automated scanner (such as Login sequence, Manually exploring critical flaws, Policy customization, scan throttling, etc) to perform successful scan.
• Assessment of scanner results and intelligently identifying false positives from the scan results.

Preferred Technical and Professional Expertise

• Plan the penetration test
• Select, design and create appropriate tools for testing
• Perform the penetration test on computer systems, networks, web-based and mobile applications
• Document your methodologies, findings
• Gather the data intelligence not only from the output of the automated penetration tools but also from information gathered from interaction with product teams , previous results , threat model and source code scanning inputs.
• Review your findings and feedback to development teams
• Analyse the outcomes and make recommendations for security improvements.