این فرصت شغلی بسته شده است.
تکنولوژیها
- SecurityAndroid SecurityWCF SecurityJava SecuritySecurityexception
کارخانه نوآوری iFNO Security Accelerator توسعه دهنده سرویسهای امنیت ابری، سرویسهای کشف تقلب، شبکه ارزیابی امنیتی و زیرساختهای حقوقی و وکلای سایبری از افراد مستعد و متخصصین امنیت و هکرهای کلاه سفید در سراسر کشور دعوت به همکاری مینماید.
- Performs threat modeling to identify all possible attack vectors
- Conduct vulnerability assessment and penetration Testing against a wide array of technologies and platforms including )(Network, Infrastructure, WEB Applications, Mobile apps including iOS and Android and API
- Select the appropriate technical tests, network or vulnerability scan tools and/or pen Testing tools based on review of requirements and purpose
- Conduct relevant research, data analysis, and create reports
- Contribute to predictive analysis of malicious activity
- Understand, review, and interpret vulnerability assessment and scannin results, reduce false positive findings, and act as Security advisor to business unit partners
- Track public and privately released vulnerabilities and assists in the triage process
- Perform black box and gray box Testing, source code analysis, manual pen Testing, and vulnerability assessments
- Perform hands on technical validation of vulnerability to determine risk to different configurations and priorities for remediation
- Communicate current cybersecurity threats and educate stakeholders on risks and recommendations
- Simulate cyberattacks to identify vulnerabilities
- Participate in team problem solving efforts and offer ideas to solve the issues
- Performs static source code vulnerability analysis
- Work with external pen testers to continually improve Security on the platform
- Responsible for writing and reviewing formal penetration test reports documenting the details of a penetration test and all vulnerabilities, potential issues, and strengths found during the test
General qualifications
- 3+ years of operational experience in Information Technology & InformationSecurity.
- Good written and verbal communication skills in English
- University Degree in Computer Science, Computer Engineering or other relevant field.
- Certifications such as CEH, Security+, ISO 27K, SANS would be considered as an asset.
- Good interpersonal communication and presentation skills.
- Ability to be a team player.
- Ability to work effectively in multiple cultures and at a range of levels.
- Ability to constantly build up skillset using a mix of self-motivated and course based learning environment.
- Ability to work independently, proactively to see the big picture and work through solutions as needed.
- Good knowledge of Windows, Linux, data bases (MySQL, no-SQL), antimalware,IDS and other Security technologies.
- Basic understanding of virtualization and software-defined data center concepts.
- Knowledge of OSI reference model and Networking fundamentals (switching,routing, load-balancing, firewalling).
- Understanding of commonly used Internet protocols such as SMTP, HTTP, and DNS.
- Basic understanding of cryptographic functionality within such protocols would be of advantage.
- Familiar with Security Regulations and Standards.
Technical qualifications
- Experience with API Testing and Mobile Application Testing
- Hands-on experience with two or more scripting languages such as Python,Powershell, Bash, or Ruby
- Familiarity with penetration Testing tools and tool suites such as Burp Suite, OWASP ZAP, Kali Linux, etc
- Proficiency or experience in any one of the following tools would be anadded advantage including Zed Attack Proxy, Micro Focus, Kiuwan, QARK,Android Debug Bridge, CodifiedSecurity, Drozer, WhiteHat Security
- Ability to demonstrate clear understanding of following vulnerabilities including SQL Injections, Cross Site Scripting (XSS), Broken Authentication & Session Management, Insecure Direct Object References, Security Misconfiguration, Cross-Site Request Forgery (CSRF), Participate in code audit/review
- An aptitude for technical writing, including assessment reports and presentations
- Strong understanding of penetration Testing frameworks
- Advanced knowledge of mobile application Testing techniques, software protocols and the ability to bypass common mobile application Security controls
- Understanding of offensive Security, including offensive evasion techniques
- General knowledge of web applications, databases, mobile, and cloud applications
- Strong knowledge of Open Web Application Security Project (OWASP) (WEB and Mobile)
- Ability to think outside the box and emulate adversarial approaches
مزایا
- بیمه
- سهام پیشرفت
- اتاق بازی
- همکاری طولانی و هدفمند و تماموقت
- سفرهای دورهای تیمی
- فرصت سروکار داشتن با چالشهای هکینگ
- فرصت سروکار داشتن با مفاهیم بنیادین امنیت سایبری و تکنولوژی عمیق