Application Security / Penetration Testing

Exceleron Software Pvt Ltd is looking for an Application Security / Penetration Testing expert.

This person will:

• Perform penetration testing of our application on an on-going basis, as part of our Software Development Lifecycle
• Document technical issues identified as part of pen testing exercises and communicate results with the team
• Participate in code reviews to ensure secure programming practices are being followed, and help educate other team members on how to improve their security posture and avoid common programming pitfalls
• Cross-train other team members
• Keep up to date with changing technologies, attack methods

Required Qualifications:

• Expert in web application security
• Familiarity with OWASP Top Ten & other secure programming guidelines
• Experience testing web applications for common security vulnerabilities such as input validation vulnerabilities, cross-site scripting, SQL injection and insecure direct object references
• Ability to demonstrate manual web application testing experience; i.e. candidate must be able to simulate a SQL inject attack without the use of tools.
• Experience with pen testing tools, and network and application security scanners (Nmap, Nessus, Metasploit, etc.)
• Strong communication and teaching abilities

Desired Qualifications:

• Object-oriented Perl software development experience, especially web and network applications
• Alternatively, experience with other modern scripting languages used for web application development (Ruby, Python, PHP)
• SQL database experience; especially Postgres
• Linux system administration; especially RHEL / Fedora / CentOS
• Infosec and/or pen testing certifications are a plus
• Experience participating in Capture-the-Flag / ethical hacking challenges