- Analyze security requirements from the software development team to define the security software testing strategy.
- Participate in client meetings to discuss and agree on the security testing approach and estimation for new security test opportunities.
- Plan and perform security testing of application designs, source code and deployments, covering all kinds of applications in software development: web applications, web services and mobile applications.
- Do black box and white box security testing for web and mobile applications.
- Follow up with the project team to verify the security risks.
Desired skills and experience:
- University level with a bachelor's degree in computer science or equivalent.
- Has 3+ years of working experience in software testing.
- Has 1+ year of hands-on experience in security testing.
- Strong knowledge of security principles, techniques and technologies (OWASP Top 10 for web or mobile applications).
- Experience performing security tests for web or mobile applications based on the OWASP Top 10.
- Strong knowledge of network protocols.
- Good English communication (written and oral)
- Good knowledge and understanding of programming languages.
- Excellent problem solving skills and attention to detail.
Nice to Have:
- ISTQB/ISEB Certificate or equivalent.
- Experience in working with agile/scrum methodology.
- Experience using the tools: ZAP, Acunetix, Burp Suite, Netsparker, N-Stalker, sqlmap, Kali Linux.
- Holder of industry certifications: CISSP, CEH, SCP, GIAC, CompTIA Security+.