Hello, Please find below mentioned requirement.
*If interested I would request you to send me your updated resume with the following details please To pe...@indosys.com <pe...@indosys.com>* Web Penetration Tester telephonic, F2F or Skype Location: Princeton, NJ Length: 4 Months *Description:* We have an opening for an external consultant in the field of Penetration Testing with a focus on Web Applications and Web Services. The candidate should have profound knowledge and proven prior experience in penetration testing of Web Applications and Web Services. The ideal candidate will have an excellent knowledge of current web application attack patterns, security best practices, and be skilled both using manual assessment techniques as well as automated assessment tools. Moreover, the ideal candidate will have excellent oral and written communication skills. *Responsibilities:* - Based on documentation and an application walkthrough, plan an application assessment for a Web Applications that offer a GUI as well as web services and/or a fat client as a design-to-cost approach (i.e., bound by a fixed number of available days for testing). The type of penetration tests in focus are multi week penetration tests. - Conduct web application penetration tests as planned, as gray box approaches (i.e., with access credentials and developer support, but without full source code access). - Document the results in a final report, which includes your approach, impact, and countermeasures for each finding. - Ensure project management receives regular status updates and present final report to customers. *Essential Skills and Qualifications:* - Proven experience to conduct web application penetration tests following industry-standard best practices and methodologies (e.g., OWASP, SANS). - Prior experience with manual testing of application security in a live production environment is a must (i.e., experience that is limited to a pure tool-based penetration testing approach or tests that are limited to 2-3 days per application is not sufficient). - Ability to recommend changes/countermeasures to the development team based on findings. - Experience with standard security tools, e.g., BurpSuite, MetaSploit, SQLMap, NMAP, Nessus, SoapUI, etc. a plus - Excellent writing skills to include full documentation of all assessment findings and recommend corrective actions; proficiency in LaTeX a plus but not required - Excellent communication skills and ability to relate and communicate technical ideas to various technical levels within an organization - Ability to work methodically and independently and prioritize work - 3 + Years experience - BS Degree - Best Regards, Pearl, Email: pe...@indosys.com Phone: 408-520-9170 Indoys Inc. San jose,CA -- You received this message because you are subscribed to the Google Groups "SAP or Oracle Financials" group. To unsubscribe from this group and stop receiving emails from it, send an email to sap-or-oracle-financials+unsubscr...@googlegroups.com. To post to this group, send email to sap-or-oracle-financials@googlegroups.com. Visit this group at http://groups.google.com/group/sap-or-oracle-financials. For more options, visit https://groups.google.com/d/optout.
