Application Security / Penetration Testing

Exceleron Software Pvt Ltd, Bengaluru · exceleron.com · Full-time employment · Information Security

Exceleron Software Pvt Ltd is looking for an Application Security / Penetration Testing expert.

This person will:

  • Perform penetration testing of our application on an ongoing basis, as part of our Software Development Lifecycle
  • Document technical issues identified as part of pen testing exercises and communicate results with the team
  • Participate in code reviews to ensure secure programming practices are being followed, and help educate other team members on how to improve their security posture and avoid common programming pitfalls
  • Cross-train other team members
  • Keep up to date with changing technologies and attack methods

Required Qualifications:

  • Expert in web application security
  • Familiarity with OWASP Top Ten & other secure programming guidelines
  • Experience testing web applications for common security vulnerabilities such as input validation vulnerabilities, cross-site scripting, SQL injection and insecure direct object references
  • Ability to demonstrate manual web application testing experience; i.e., the candidate must be able to simulate a SQL injection attack without the use of tools
  • Experience with pen testing tools, and network and application security scanners (Nmap, Nessus, Metasploit, etc.)
  • Strong communication and teaching abilities

Desired Qualifications:

  • Object-oriented Perl software development experience, especially web and network applications
  • Alternatively, experience with other modern scripting languages used for web application development (Ruby, Python, PHP)
  • SQL database experience; especially Postgres
  • Linux system administration; especially RHEL / Fedora / CentOS
  • Infosec and/or pen testing certifications are a plus
  • Experience participating in Capture-the-Flag / ethical hacking challenges

It is OK for recruiters, HR consultants, and other intermediaries to contact this employer