We are looking for a QA engineer to develop and execute manual and automated tests with primary focus on penetrating testing of web applications to ensure product quality. You will be involved with testing new product features and take ownership of debugging and working with development team on taking issues to closure. As a team member, you will be self- motivated and work together with the team.
Responsibilities:
• To design, develop, execute and automate test cases to test the vulnerability assessment and penetration testing service on the web portal
• Write and execute detailed test plans for feature tests, negative tests, scale and stress tests
• Ability to build test/internal web applications
• Analyse test results and debug test failures
• Track defects from discovery through resolution
• Strong and effective inter-personal and communication skills and the ability to interact professionally with a diverse group of peers, customers and others
Requirements:
• 2-4 years of penetration testing of web/cloud applications
• In depth knowledge of web application attacks and defence strategies (SQL injection, XSS cross-site scripting, CSRF, logic flaws, etc)
• Strong knowledge of OWASP TOP 10 (both Web and Mobile) and the ability to effectively communicate methodologies and techniques
• Should be familiar with Vulnerability Assessment, Penetration Testing and Risk Assessment
• Good Understanding of all security related fundamentals, standards and compliances
• Should have a good understanding of application level attacks with hands on experience in discovering and exploiting issues with/without the assistance of tools
• Proficiency with understanding and writing modifying exploits
• Packet capture analysis and experience using tools including Burp, Nessus, Nmap, Metasploit, nipper and similar
• Experience in scripting, preferably python
• Experience on Linux environment and virtualization
• Excellent problem solving ability with experience in diagnosing complex system issues including strong debugging skills
Desirable:
• Knowledge of network protocols, network technologies
• Experience on relational/non-relational databases
• Recognised security testing certifications (OSCP, CEH)
Penetration Testing, OWASP, SQL Injection, Cross-site Scripting
--
You must verify your mobile number to apply to this job.