Penetration Tester

Job Description

Software Developers at IBM are the backbone of our strategic initiatives to design, code, test, and provide industry-leading solutions that make the world run today - planes and trains take off on time, bank transactions complete in the blink of an eye and the world remains safe because of the work our software developers do. Whether you are working on projects internally or for a client, software development is critical to the success of IBM and our clients worldwide. At IBM, you will use the latest software development tools, techniques and approaches and work with leading minds in the industry to build solutions you can be proud of.Your Role and Responsibilities Who you are: As a penetration tester you will perform security testing of IBM product and SAAS offerings in both development and production environments. You will also closely work with IBM product development teams to strengthen the security posture of their products by participating in threat model, source code security testing and sharingf best practices / lessons learnt for secure coding/design. What you ll do: As a penetration tester you will be doing the following :-

• Plan and strategize the penetration test based on available information Select, design and create appropriate tools for testing
• Perform the penetration test on computer systems, networks, web-based applications/APIs and mobile applications using the OWASP and SANS 20 guidelines
• Document your methodologies, findings
• Gather the data intelligence not only from the output of the automated penetration tools but also from information gathered from interaction with product teams , previous results , threat model and source code scanning inputs.
• Review your findings and feedback to development teams
• Analyse the outcomes and make recommendations for security improvements

How we ll help you grow:

• You ll be working with the latest IBM Hybrid Cloud product teams and you will have access to these products and their documentation during the development phase itself.
• You ll learn directly from the IBM expert developers in the field of security and our team leads love to mentor
• You have the opportunity to work in many different areas of security like threat model, source code analysis to determine what really excites you.
• You ll have access to all the technical training courses in application security that you need become the expert you want to be in this area

Required Professional and Technical Expertise

• 3-4 years of hands-on experience in penetration testing & ethical hacking of web applications, hosted infrastructure and network using automated tools for vulnerability assessment and manual pen testing based on OWASP and SANS TOP 25 guidelines.
• Knowledge of at least one of IBM AppScan OR BurpSuite scanner.
• Proven knowledge to configure automated scanner (such as Login sequence, manually exploring critical flaws, Policy customization, scan throttling, etc) to perform successful scan.

Preferred Professional and Technical Expertise

• Web Application Testing - Understanding of HTTP Protocol, HTTP Methods, Request/Response Headers, Cookies, TCP/IP connections over HTTP etc., Basic understanding of HTML/JavaScript, OWASP -Top 10 vulnerabilities
• Automated Testing - IBM AppScan OR BurpSuite scanner. (Good to have knowledge of both the tools), Should be able to configure automated scanner (such as Login sequence, manually exploring critical flaws, Policy customization, scan throttling, etc ) to perform successful scan.
• Assessment of scanner results and intelligently identifying false positives from the scan results.
• Manual Testing - OWASP Top 10 categories, exploit workflow/navigation of the application and identifying the entry points to perform manual testing.

,

Keyskills :
web application testingsoftware development tools hybrid cloudmanual testing ethical hackingweb application audio masteringsecur