Application Penetration Tester, Offensive
Full Time Phnom Penh Posted 2 months ago
Technology
JOB RESPONSIBILITIES
- Work with relevant stakeholders to plan application testing and remediation.
- Conduct periodic app/API scans to find vulnerabilities.
- Conduct secure code scanning, dependency, class, or library scanning.
- Conduct application penetration tests.
- Analyze coding threats, evaluate encryption options, and audit permissions and access rights.
- Develop, add, and test security features within applications to prevent security vulnerabilities against threats such as unauthorized access and modification.
- Conduct threat modelling and maintain reports.
- Review and provide input on application security architecture, features and design.
- Participate in the software development process to ensure apps are developed in a secure manner.
- Research, develop and recommend tools to assist in the secure development process.
- Provide secure application training to the workforce on software/application security standards, threats, and secure coding.
- Scan and exploit system weaknesses, flaws, design, and configuration settings.
- Crack, decompile or reverse engineer applications to find weaknesses and provide solutions.
- Conduct regular and careful security assessments of existing and new systems.
- Create and maintain testing reports.
- Manage and maintain application asset inventory.
JOB REQUIREMENTS
- Bachelor's degree in Information Technology, preferably in the field of Computer Science.
- Completed or certified in a security course such as PenTest+ or CEH.
- Self-study of any security-related course or development of your own lab is an advantage.
- An adversarial mindset, high ethical standards, curiosity, a problem-solving mentality, critical thinking, analytical skill and scepticism.
- Knowledge of the MITRE ATT&CK framework
- Knowledge of the OWASP Top 10 CI/CD security risks.
- Knowledge of Top 25 Most Dangerous Software Weaknesses
- Knowledge of the OWASP Top 10 web/API and cloud security risks
- Understanding of CVE, CWE, CAPEC, CVSS
- Knowledge or experience in programming languages such as PHP, Java, JavaScript, shell scripting, PowerShell, Python.
- Knowledge or experience in secure development frameworks.
- Knowledge or experience of mobile development such as Android and iOS.
- Basic knowledge or experience in networking and understanding of OSI/TCP-IP model.
- Basic knowledge of programming languages or scripting.
- Basic knowledge or experience in penetration testing or vulnerability scanning.
- Basic knowledge or experience of DevOps and DevSecOps is a plus.
- Knowledge or experience in operating systems such as Windows and Linux
- Knowledge or experience in virtualization, containers
HOW TO APPLY
Interested candidates are invited to send a cover letter and CV to jobs@wingbank.com.kh or click the button below to apply!
