Spk Technologies inc
SCA Manual Security Code Review
Spk Technologies inc, Ashburn, Virginia, United States, 22093
Job Description:
Mandatory:
Perform manual security code review against common programming languages (Java, .NET) - Critical/must have
Perform automated testing of running applications and static code (SAST, DAST)
Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications
Formal programming experience is a must in Java/c# at least 6 months
Create new testing methods to identify vulnerabilities and entry points that attackers may use to exploit applications, networks, and systems
Good to Have:
One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA
Provide technical leadership and advice to team members on penetration test engagements
Converse with technical and non-technical audiences to articulate both testing processes, techniques and results
Partner with the Cyber teams to develop new testing techniques, automation for testing and marketing collateral to support the practice and mentor junior and offshore team members on tools and techniques in performing tests
Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent
Mandatory:
Perform manual security code review against common programming languages (Java, .NET) - Critical/must have
Perform automated testing of running applications and static code (SAST, DAST)
Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications
Formal programming experience is a must in Java/c# at least 6 months
Create new testing methods to identify vulnerabilities and entry points that attackers may use to exploit applications, networks, and systems
Good to Have:
One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSCP, OSWE, OSWA
Provide technical leadership and advice to team members on penetration test engagements
Converse with technical and non-technical audiences to articulate both testing processes, techniques and results
Partner with the Cyber teams to develop new testing techniques, automation for testing and marketing collateral to support the practice and mentor junior and offshore team members on tools and techniques in performing tests
Minimum three (3) years of recent experience working with application tools to perform security tests: AppScan, NetsSparker, Acunetix, Checkmarx, Veracode, BurpSuite, OWASP ZAP, Kali Linux, or equivalent