Conduct thorough penetration testing across a variety of web applications, examining both client-side and server-side aspects. This includes an in-depth analysis of application structures, server setups, databases, and identifying business and logic flaws to detect security vulnerabilities.
Employ sophisticated techniques and adopt an adversary's mindset to uncover and exploit vulnerabilities, highlighting the potential impact to emphasize the need and urgency for remediation. This includes the development of custom payloads and leveraging known exploits.
Develop and communicate effective remediation strategies for mitigating identified vulnerabilities, ensuring clear guidance is provided to the development teams involved
Requirements:
A minimum of two years of experience in the field of web penetration testing
Qualifications and Certifications:
Degree or industry-recognized certifications focused on practical skills, such as BSCP, OSWE, OSWA, HTB-CWEE, or HTB-CBBH, serve as substantial evidence of practical knowledge and expertise in penetration testing, demonstrating a commitment to and proficiency in the field.
Expertise in Web Pentesting: Comprehensive knowledge of web application vulnerabilities, to exploit security gaps/ vulnerabolities on endpoint applicaitons. A solid understanding of OWASP/OSWAP API standards and proficiency in manual testing methodologies is a must
Programming Skills: Proficiency in at least one programming language (e.g., Python, Java, PHP, JavaScript) to support effective testing and exploitation methodologies
Bug Bounty Recognition: Achievements in bug bounty programs, indicating practical experience in identifying and reporting security vulnerabilities, are considered an advantage.
Cloud and Container Security: Experience with security assessments of cloud-based applications and services (e.g., AWS, Azure) and familiarity with the security considerations for containerized deployments are desirable
