Senior Product Quality Engineer focusing on executing brake controls investigations and resolving critical issues. Collaborating with cross - functional teams in the automotive industry.
CT
Hybrid Vulnerability Assessment and Penetration Testing Engineer
Posted yesterday
About the role
- Vulnerability Assessment and Penetration Testing Engineer in Manila for Continent 8’s Managed Security Services team. Responsible for identifying security weaknesses and ensuring protection against threats.
Responsibilities
- Oversee the planning, execution, and reporting of VAPT tests, ensuring that testing activities align with best practices and meet the organization's goals.
- Collaborating with stakeholders to define project scopes, objectives, and timelines for vulnerability assessments and penetration tests.
- Conducting vulnerability assessments, code reviews and penetration tests against web technologies, services, platforms and languages to find flaws and exploits (e.g., SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, Clickjacking, Authentication/Authorization, Privilege Escalation, Business Logic Bypass, OWASP Top 10, SANS Top 25 etc.).
- Implementation and utilisation of web application vulnerability scanning tools (e.g. Invicti DAST Scanner, SoapUI, Burp Suite Pro, Checkmarx etc.) to automate the process of VAPT testing.
- Act as a domain expert around vulnerability and penetration testing.
- Create risk assessments to evaluate the severity and potential impact of identified vulnerabilities, considering factors such as exploitability and potential business impact.
- Provide remediation guidance to technical teams and customer stakeholders on the appropriate steps to remediate identified vulnerabilities effectively.
- Generate comprehensive and actionable reports from penetration tests and vulnerability assessments, communicating findings to relevant stakeholders.
- Continuously assess and enhance the VA/PT processes, methodologies, and tools to adapt to emerging threats and improve efficiency.
- Collaborate with the customer’s IT teams, development teams, and other stakeholders to ensure security considerations are integrated throughout the software development lifecycle.
- Stay informed about the latest threat intelligence and attack trends to guide testing efforts and prioritize critical vulnerabilities.
- Ensure that vulnerability assessments and penetration tests align with industry standards, regulations, and compliance requirements.
Requirements
- Proven track record 5+ years of experience in vulnerability scanning, analysis & penetration testing of websites, cloud hosted applications, APIs and networks (etc.)
- Excellent understanding of common app/apis/network vulnerabilities & attacks (OWASP Top 10s, SANS Top 25, CVEs, CWEs..)
- Hands on experience with popular security tools – Nessus, Burpsuite, Netsparker, Metasploit, KALI Linux, Sn1per, Maltego (non-exhaustive list)
- Knowledge of manual testing of web applications
- Knowledge of DevSecOps and integrating security into CI/CD pipelines
- One or more of the following certifications: GWAPT, CEH, OSCP, SANS, CISSP, GXPN, OSCE (or qualified work experience).
- Expert-level experience and very detailed technical knowledge in at least 3 of the following areas: General information security. Security engineering. Application architecture. Authentication and security protocols. Application session management. Applied cryptography. Common communication protocols. Mobile frameworks. Single sign-on technologies. Development frameworks (Angular, React, etc.).
- Strong scripting skills (e.g. Python, Perl, Shell script, JavaScript).
- Knowledge of a Structured Query Language.
- Good knowledge of modifying and compiling exploit code
- Hands on experience of working in Windows and Linux
- Has practical experience in auditing various Operating Systems, Databases, Network and Security technologies
- Had exposure in Ethical Hacking competitions and programs like Bug Bounty, Capture the Flag etc.
Benefits
- Professional development opportunities
- Flexible work arrangements
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Intern supporting Software Quality Engineering team at Arthrex. Preparing, executing, and documenting test cases in the office.
Senior Quality Engineering Manager overseeing quality controls strategies in semiconductor industry at Micron. Driving excellence through collaboration and innovative processes across global teams.
Project Manager in Quality Assurance leading teams and ensuring compliance at Adverum. Demonstrating experience in pharmaceutical industry with focus on quality and regulatory requirements.
QA Test Manager overseeing all QA activities and testing efforts for Cayuse Civil Services, LLC. Ensuring compliance with standards, requirements, and best practices throughout project lifecycle.
Join S&P Global as an ETL QA Engineer ensuring software quality across automotiveMastermind products. Collaborate with teams to improve the lifecycle of services and implementation of processes.
Senior QA Automation role at CI&T, focusing on quality assurance for scalable tech solutions. Collaborate with teams to identify issues and enhance software functionality.
Quality Engineer at ZF ensuring compliance with automotive product standards and improving product quality. Engaging in product audits and implementing quality assurance systems.
Plant Quality Engineer II supporting problem solving and quality assurance processes for ZF's mobility solutions. Collaborating with teams to ensure high - quality outcomes in engineering projects.
Werkstudent Quality Assurance supporting the department with administrative tasks and documentation preparation. Creating newsletters and managing documentation processes for production in a well - established family - owned company.