Penetration Tester

İnformation Techlonogy Company
Penetration Tester


  • Bachelor's Degree in Computer Science or a related technical discipline, or the equivalent combination of education,
  • Minimum 4 years of experience in Web Application Penetration testing,
  • Knowledge of various web application architectures,
  • Core experience and profound knowledge in web application and infrastructure security testing,
  • Strong understanding and hands on experience on application and infrastructure vulnerabilities, automated/manual testing, auditing and remediation techniques,
  • Strong Understanding of OWASP, WASC 2.0 Threats classification,
  • Experience with standard security tools such as MetaSploit, SQLMap, Acunetix, AppScan, Skipfish, etc.
  • Understanding of TCP/IP networking, HTTP protocols and their uses,
  • Experience with network penetration test tools such as Nessus, Qualys, nmap etc.,
  • Experience with establishing penetration testing procedures and processes,
  • Strong written and verbal communication skills with the ability to interpret and fully explain the programming impact of vulnerabilities as well as any recommended remediation,
  • Flexibility and adaptability to work in a growing, dynamic, international team with a strong customer-oriented attitude.
  • Understanding of server and client side application development,
  • Experience with performing code review, wireless and firewall assessments,
  • Programming background (C++, Perl, Python, Shell ) for tool and exploit development,
  • Technical knowledge in network security products, cryptographic suites and network/application firewalls,
  • Experience in evasion techniques to bypass firewalls, and intrusion detection,
  • Experience with mobile application and operating system testing,
  • Knowledge in scripting (any language) and experience in automation scripts for application security testing,
  • Hands on experience in security testing of Web service, Mobile applications, APIs etc.,
  • Knowledge in Application Architecture Review, Threat modeling concepts,
  • Testing automation is a plus.