Ethical Hacker

Skills:

• Experience in conducting vulnerability assessments, code reviews and penetration tests against web/mobile application technologies, services, platforms and languages to find flaws and exploits (e.g. SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, Remote Code Execution, Authentication/Authorization, Privilege Escalation, Business Logic Bypass, etc.)
• Experience in conducting Threat Modeling
• Knowledge of network and Web related protocols/technologies
• Experience with web application vulnerability scanning tools (e.g. IBM AppScan, NetSparker, Burp Suite Pro etc.)
• Experience with vulnerability assessment tools and penetration testing techniques (e.g. web application proxies, packet capture analysis software, browser extensions, advanced penetration testing Linux distributions, static source code analyzers, SoapUI etc.)
• Experience of penetration testing on mobile platforms such as iOS, Android, Windows and RIM.
• Solid programming/debugging skills with proficiency in one or more of the following: Java, JavaScript, HTML, XML, PHP, ASP.NET, AJAX, JSON, Objective-C
• Strong scripting skills (e.g. Python, Perl, Shell script, JavaScript)
• Mobile programming abilities such as Xcode, Objective-C
• Knowledge of a Structured Query Language
• Expert-level experience and very detailed technical knowledge in at least 3 of the following areas: general information security; security engineering; application architecture; authentication and security protocols; application session management; applied cryptography; common communication protocols; mobile frameworks, single sign-on technologies; exploit automation platforms; RESTful web services

Responsibilities:

• Understanding the requirements of the applications and how to use them
• Testing applications using a variety of tools to identify vulnerabilities that could expose the Bank to risk
• Monitoring existing and proposed security standard setting groups
• Conducting meetings to communicate the findings and implications to stakeholders
• Performing vulnerability fix verification testing in support of the remediation
• Providing technical support to clients, management and staff throughout risk assessments and the implementation of appropriate data security procedures and products
• Acting as a SME, providing guidance and knowledge to reduce the vulnerabilities and risk when apps are being created
• Sharing knowledge with technical and non-technical colleagues directly and through training sessions
• Ensuring identified risks are managed effectively
• Contributing to the development and enhancement of the control function

If you are interested in this position, please click "Apply Now" and we will review your qualifications & reach out to you for further discussion & next steps, if your skillsets meet the needs of the role.

Only shortlisted candidates will be responded to, therefore if you do not receive a response within 14 days please accept this as notification that you have not been shortlisted.

EA Licence No: 11C5502
Registration No: R1876903