Application Security/PenTester Engineer

Herzliya | 3-4 years | Full-time | 23/01/2022
Job description

For an established hi-tech company developing platforms for the automatic generation of data-based content, with offices in the Sharon.
As the Application Security Engineer, you will report to the Director of Offensive Security and carry out the responsibilities below.
Responsibilities:
Security code reviewing projects written in various programming languages
Triaging and prioritizing security issues reported by SAST tools
Writing proof-of-concept exploit code to demonstrate security vulnerabilities
Creating and presenting secure-coding practices training sessions
Participate in a larger security team, including working closely with R&D engineers and DevOps
Review architecture and designs with R&D engineers to identify risks
Write code to solve problems during testing
Train users in secure code development
Analyze, document and present solutions meeting our needs.
1+ years of demonstrable work experience in secure development, security research or penetration testing
Experience with reviewing source code written in Java, .NET, JavaScript, Python
Knowledge of web, mobile, Chrome extensions and other production platforms
Experience with reviewing vulnerabilities and creating workable mitigation steps
Ability to discuss effective defensive techniques
Deep understanding of a broad range of application security issues as well as their mitigation strategies
In-depth knowledge of testing methodologies
Ability to explain security vulnerabilities and weaknesses to a variety of audiences
Hacker mindset, always looking at an interface as a break-me puzzle
Effective at working with highly technical individuals.

Job requirements

A degree/diploma in computer security or computer science, or relevant proven hands-on experience in application security and secure code development
Recognised application security certifications (e.g., CSSLP, CCSP, CERT Secure Coding Professional, Certified Application Security Engineer)
Relevant experience:
3-5 years of relevant experience in application security and secure coding diagnosis
Solid knowledge and experience using SAST solutions and code testing tools
Experience with Jira, Jenkins and other management, deployment and build tools
Experience with penetration testing, reverse engineering and debugging tools is an advantage
Documented responsible disclosure of vulnerabilities in commercial and open source projects is an advantage