Senior Web Application Vulnerability Analyst required to take the lead on an external vulnerability assessment programme.
You will be reviewing web applications, network/cloud services, APIs, web portals and digital certificates to identify security vulnerabilities or misconfigurations using manual and automated testing, and advising development teams on strategically resolving identified issues.
This role is required because we are expanding our vulnerability management program to include continuous assessment of the customer's internet-facing services.
You will be working with a world-class team contributing to strengthening the security posture of one of the largest cloud deployments in the region!
As a member of the Cyber Security Team you would need a strong hands-on background in web application attack vectors.
You will be tasked with identifying, validating and tracking vulnerabilities that emerge on the customer's external-facing web/network services, and recommending mitigations and remediations for them.
Role:
Analyse application security tool scan results to size and assess security loopholes and threats, and advise development teams on resolving identified vulnerabilities.
Perform manual application security testing to identify and validate vulnerabilities and weak configurations.
Develop a vulnerability assessment and penetration testing report.
Coordinate with other functional groups involved in Information Security, Risk, Security Architecture and Application Development.
Analyse web, API and network services and applications for security vulnerabilities.
Document procedures for the external vulnerability assessment.
Identify the owners of a web application when a new URL/service emerges.
Create proof-of-concepts to highlight the impact of application security vulnerabilities to development teams.
Required:
Deep knowledge of the OWASP Top 10 and OWASP API Security Top 10
Solid hands-on experience performing web application and API vulnerability assessments
Familiarity with a scripting language such as Python, VBScript, JavaScript, PowerShell or Ruby
Public disclosure of vulnerabilities, or relevant awards from or participation in Capture-The-Flag (CTF) competitions
Experience using tools such as Nexpose/Nessus, BurpSuite, Metasploit, etc.
Experience in API security and open-source security scanning (OSS)
Certifications such as GCPN, GPEN, CREST, OSCP, GWAPT
Knowledge of vulnerabilities in cloud-native applications
For more information you can email Eric Okumu in our Singapore office on eric.okumu@teksystems.com quoting Job Reference Eric Okumu 534909 or alternatively, apply here to register your interest.