Key Role
As Application Security Specialist& Penetration Tester, you will lead and execute a variety of engagements, conducting secure code review and advanced hands-on penetration testing beyond automated tool validation, which will focus on targets that may include network devices, servers, web and mobile apps, web APIs, wireless infrastructures, IoT devices, and other information systems.
You will have the opportunity to combine technical expertise with your imagination to conduct targeted attacks and discover vulnerabilities, with the goal of ensuring wizlynx group’s customers remain one step ahead of its adversaries.
This role will be part of a team of Cyber Security Experts, providing excellent services to customers and internal teams.
What your keys responsibilities will be
Responsibilities may include the following, but are not limited to :
- Lead and execute secure code review, network, web application, wireless penetration tests that will vary in level of complexity from simple to potentially complex
- Author quality secure code review and penetration test reports with professional documentation of identified and exploited vulnerabilities / weaknesses
- Provide detailed remediation guidance for findings
- Serve as a consultant in pre-sales, including assessment of client needs, project scopes and proposal preparation
- Share all knowledge and training with internal colleagues and teams
- Maintain up-to-date knowledge of the IT security industry, including awareness of new or revised security solutions, security standards, trends / best practices, offensive techniques, tools and software development paradigms
What we are looking for
Minimum Experience :
Bachelor’s degree, preferably in computer science or information systems, or equivalent work experienceMinimum of one year professional experience in penetration testing and code reviewTechnical knowledge across a broad range of computing platforms and network protocolsHigh proficiency in a variety of operating systems such as Unix / Linux / Mac / Windows operating systems, including bash and PowerShellHigh proficiency in manual techniques for penetration testing (network equipment, servers, web applications, APIs, wireless, mobile, databases, and other information systems)Proven professional experience testing web applications for common web application security vulnerabilities as defined by OWASP, including input validation vulnerabilities, broken access controls, session management vulnerabilities, cross-site scripting issues, SQL injection and web server configuration issuesGood knowledge of both static and dynamic analysis of an application, be it web-based, mobile app, or standaloneExperience with tools such as Microfocus Fortify or Checkmarx are an assetAbility in reviewing source code, including the evaluation of best practices for the platform / framework in useVery good knowledge of one or more of the following programming languages & frameworks : Python, .NET, Perl, and Java.Tools – Proxies, Port Scanners, Vulnerability Scanners, Exploit Frameworks (ex : Burp, Nessus, Nmap, Metasploit)Strong oral and written communication skills, including a demonstrated ability to prepare quality documentation and presentations for technical and non-technical audiencesCertifications such as OSCP, OSCE, OSWE, CREST CRT, GIAC (GXPN, GWAPT, GPEN, GMOB, GWEB) others are an assetLanguage Skills :
Excellent communication skills in English and Cantonese (written and spoken); Other languages are an advantage.Soft Skills :
Excellent interpersonal skills, capable to interact with people at all levels; team playerAction-oriented and results drivenOrganized with strong time-management skillsAbility to dynamically switch among different tasksFlexible attitude, reliableCustomer friendly approach and appearanceWillingness to travelStrong problem-solving and analytical skills