Just finished submitting a vulnerability you found to a bug bounty program? Is the single quote key worn down on your keyboard? Then you should know we are hiring!
Our web application hackers speak SQL and make the DOM beg for mercy. As part of our elite team of penetration testers you’ll find yourself owning some of the most complex and mission-critical web applications. Spanning every vertical market, our clients’ applications will test your skills and creativity on a daily basis. You like a challenge? You got one!
Our Application Security Consultants also have significant experience reviewing a wide variety of software including portals, e-commerce sites, financial services and health care applications, and desktop and developer software. Candidates will work with Foundstone’s Software & Application Security Services (SASS) Team. This position is a great opportunity for someone with strong software development and penetration testing skills.
Your tasks and required skills (not limited to):
o Conduct web application security assessments and penetration tests. These are very systematic assessments which are done using the Foundstone proprietary methodology. The assessments involve manual testing and analysis as well as the use of our clients’ proprietary and commercial automated web application vulnerability scanning/testing tools.
o Assess applications for issues in authentication, authorization, user management, session management and data validation, including common attacks such as SQL injection, cross-site scripting and command injection, as well as error handling, auditing and logging.
o Assess the security aspects of Web Services design and implementation, including confidentiality, integrity, trust relationships, and authentication using security standards like XML signatures, XML encryption, SAML, and WS-Security.
o Knowledge of tools such as Fiddler, Paros, Burp, sqlmap, Nikto, Nmap, OpenSSL, Mallory, Wireshark etc.
o Mobile application development and assessment experience (iOS, Android, Windows)
o Thick client assessment experience
o Vulnerability and network penetration assessments
o Write formal security assessment reports for each application, using our clients’ reporting format.
o Participate in conference calls with clients to perform initial data gathering and a follow-up advisory for technical issues.
o Publish whitepapers and tools and deliver presentations. Integrity to produce professional, original content without plagiarizing.
o Bachelor’s or Master’s degree in Computer Science or equivalent
Any of the following skills are a plus:
o Web application development experience in any of the major languages such as C#, Java, PHP, ASP.NET etc.
o Experience reviewing code in C, C++, Java, PHP, C#, ASP.NET, Go etc.
o Familiarity with automated source code analysis tools such as Fortify, AppScan etc.
o Binary reversing and analysis experience
o Knowledge in Cloud Security
o Certifications such as CISSP, OSCP, MCSA:Azure, AWS, GSEC or CEH