QA Team Leader overseeing mobile app testing (iOS and Android) while ensuring quality execution through automation frameworks. Responsibilities include strategy planning and cross - team collaboration.
CT
Hybrid Vulnerability Assessment and Penetration Testing Engineer
Posted 2 months ago
About the role
- Vulnerability Assessment and Penetration Testing Engineer in Manila for Continent 8’s Managed Security Services team. Responsible for identifying security weaknesses and ensuring protection against threats.
Responsibilities
- Oversee the planning, execution, and reporting of VAPT tests, ensuring that testing activities align with best practices and meet the organization's goals.
- Collaborating with stakeholders to define project scopes, objectives, and timelines for vulnerability assessments and penetration tests.
- Conducting vulnerability assessments, code reviews and penetration tests against web technologies, services, platforms and languages to find flaws and exploits (e.g., SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, Clickjacking, Authentication/Authorization, Privilege Escalation, Business Logic Bypass, OWASP Top 10, SANS Top 25 etc.).
- Implementation and utilisation of web application vulnerability scanning tools (e.g. Invicti DAST Scanner, SoapUI, Burp Suite Pro, Checkmarx etc.) to automate the process of VAPT testing.
- Act as a domain expert around vulnerability and penetration testing.
- Create risk assessments to evaluate the severity and potential impact of identified vulnerabilities, considering factors such as exploitability and potential business impact.
- Provide remediation guidance to technical teams and customer stakeholders on the appropriate steps to remediate identified vulnerabilities effectively.
- Generate comprehensive and actionable reports from penetration tests and vulnerability assessments, communicating findings to relevant stakeholders.
- Continuously assess and enhance the VA/PT processes, methodologies, and tools to adapt to emerging threats and improve efficiency.
- Collaborate with the customer’s IT teams, development teams, and other stakeholders to ensure security considerations are integrated throughout the software development lifecycle.
- Stay informed about the latest threat intelligence and attack trends to guide testing efforts and prioritize critical vulnerabilities.
- Ensure that vulnerability assessments and penetration tests align with industry standards, regulations, and compliance requirements.
Requirements
- Proven track record 5+ years of experience in vulnerability scanning, analysis & penetration testing of websites, cloud hosted applications, APIs and networks (etc.)
- Excellent understanding of common app/apis/network vulnerabilities & attacks (OWASP Top 10s, SANS Top 25, CVEs, CWEs..)
- Hands on experience with popular security tools – Nessus, Burpsuite, Netsparker, Metasploit, KALI Linux, Sn1per, Maltego (non-exhaustive list)
- Knowledge of manual testing of web applications
- Knowledge of DevSecOps and integrating security into CI/CD pipelines
- One or more of the following certifications: GWAPT, CEH, OSCP, SANS, CISSP, GXPN, OSCE (or qualified work experience).
- Expert-level experience and very detailed technical knowledge in at least 3 of the following areas: General information security. Security engineering. Application architecture. Authentication and security protocols. Application session management. Applied cryptography. Common communication protocols. Mobile frameworks. Single sign-on technologies. Development frameworks (Angular, React, etc.).
- Strong scripting skills (e.g. Python, Perl, Shell script, JavaScript).
- Knowledge of a Structured Query Language.
- Good knowledge of modifying and compiling exploit code
- Hands on experience of working in Windows and Linux
- Has practical experience in auditing various Operating Systems, Databases, Network and Security technologies
- Had exposure in Ethical Hacking competitions and programs like Bug Bounty, Capture the Flag etc.
Benefits
- Professional development opportunities
- Flexible work arrangements
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Senior Quality Assurance Manager overseeing Quality Engineering practices at PNC. Leading automation - first testing and scaling quality solutions for enterprise platforms.
QA Manager leading planning, coordination, and execution of software quality assurance initiatives at PNC. Driving team collaboration and quality improvements for project delivery.
QA Engineer ensuring smooth user experiences on gaming platforms through comprehensive testing and collaboration with developers. Dedicated to product performance and Agile methodologies.
QA Consultant ensuring end - to - end quality of digital products, involving manual and automated testing at Raona. Collaborating in an agile environment to enhance product reliability and performance.
QA Engineer ensuring all products meet quality standards at Sensata Technologies. Responsible for designing tests, compliance of manufacturing processes, and training inspection supervisors.
QA Mobile professional ensuring software quality and automated testing for mobile applications at Consort Group. Collaborating with development teams and improving QA practices in a hybrid work environment.
Sales Representative in pharma cultivating relationships and driving customer engagement. Meeting sales targets while maintaining compliance and integrity in the heart failure specialty area.
QA Consultant ensuring error - free delivery of Spark Archives solutions. Involves testing, validation, and interaction with technical ecosystems.
QA Tech Lead at DRPG responsible for changing how quality works through engineering practices. Leading teams in implementing modern Quality Engineering methodologies within a communication agency.