- Analyze security requirements from software development team to define the security software testing strategy.
- Participate in client meetings to discuss and agree on security testing approach, estimation in new security test opportunities
- Plan and perform security testing of application designs, source code and deployments, covering all kinds of applications, web application, web service, mobile application in software development.
- Do black box and white box security testing for web and mobile applications.
- Follow up with the project team to verify the security risks.
Our Nasher, Pham Tien Manh is a ‘Top 100 Facebook White Hat 2019’
July 24, 2019
More companies than ever before are enlisting the help of the white hat community through bug bounty programs. Facebook recently announced their ‘Top 100 Facebook White Hat 2019’ and we are proud that one of our Nashers, Pham Tien Manh is on the list for his work on Penetration Testing. From a studious Vulnerability Assessor to a member of OWASP (Open Web Application Security Project) and a White Hat Hacker, Manh Pham has proved that age does not matter when it comes to IT.
We wanted to find out a bit more about the white hat community, so we asked Manh about it. Bug Bounty Programs are organized by technology giants such as Facebook, Google, and Microsoft and also Government organisations, where individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities. White hat hackers usually start off as bug bounty hunters, who find exploits in prominent systems and websites for a bounty from the company operating them. Or like Manh, they are keen to find vulnerabilities as a passion rather than as a means of income.
As a loyal user of Facebook, Manh has spent a lot of his spare time detecting and reporting security issues. Manh’s speciality for bug reporting to Facebook is Penetration Testing, which is is an authorized simulated cyber-attack computer system, network or web application to find security vulnerabilities that an attacker could exploit. It is considered as one of the toughest testing methods as a penetration tester is required to keep up to date with the latest inventions and applications.
“It’s something I am passionate about, rather than doing it for money” – says Manh.
With a passion for computer games from a young age, Manh chose to pursue a career in Information Security. Manh says that patience, hard work, professional ethics and calmness are the key to become a Security Tester. NashTech is thrilled to have such passionate and talented team members working for us. We look forward to helping Manh develop his skills and passions further.
Are you a skilled Penetration Tester? NashTech is Hiring. Here is the job description, and if you’re interested, please submit your CV Here:
Desired skills and experience:
- University level with a bachelor degree in computer science or equivalence.
- Has 3+ years of working experience in software testing
- Has 1+ year of hands-on experience in security testing
- Strong knowledge of security principles, techniques and technologies (OWASP Top 10 For Web application or Mobile application)
- Experience performing the security test for web or mobile application based on OWASP Top 10
- Strong knowledge of the network protocols
- Good English communication (written and oral)
- Good knowledge and understand the programming languages.
- Excellent problem-solving skills and attention to detail.
Nice to have:
- ISTQB/ISEB Certificate or equivalence.
- Experience in working with agile/scrum methodology.
- Experience to use the tools: ZAP, Acunitex, BurpSuite, Netsparker, N-Stalker, sqlmap, kali linux
- Industrial certifications holder: CISSP, CEH, SCP, GIACs, ComTIA Security+
Why you’ll love working at NashTech
- 13-month salary per year
- Performance bonus (up to 2-month salary)
- Flexible option bonus for good performers & retention bonus for outstanding performers
- Social – Health – Insurance paid fully
- Healthcare: Annual health check-up, Premium Health Insurance (plus 1 slot for your dependent)
- Annual leaves: 14 ~ 18 days
- Clubs program: Football, Badminton, Swimming, Tennis, Rock, Yoga…
- Training courses: Technical skills – Soft skills – English
People are extremely important to us and that’s why we have a clear vision: to make NashTech a great place to work in its sector. We pride ourselves on:
- Professional and Flexible Working Environment
- Great Teamwork
- International Assignments
- WeCare – WeShare – WeDare – We Innovate Engagement Program