Performs web and mobile application vulnerability assessments and penetration testing activities.
Effectively communicate and coordinate with engineers, leads and stakeholders to deliver quality and security to the product.
Write client reports with your findings and recommendations using your top-notch English writing skills and exceptional attention to detail.
Provides support to product owners in fixing vulnerabilities.
Triage SAST and DAST scan findings.
Participates in development of team processes.
Train and educate developers and teams in secure coding techniques, including use of supporting toolsets, and enable them to self-serve.
Continuously develops professional knowledge and skills.
What we expect from you
- 3+ years of professional experience with web and mobile application security, and at least 1 year of ethical hacker/pentester experience.
- Strong knowledge of web and mobile security fundamentals.
- Solid knowledge of testing methodologies (OWASP WSTG/MSTG or similar application security methodologies).
- Strong understanding of the most critical security risks to web applications (OWASP Top 10).
- Solid knowledge of the various vulnerability types, their root causes, exploitation techniques and mitigation patterns.
- Hands-on experience in finding and exploiting web vulnerabilities.
- Hands-on experience with application security testing software and common penetration testing tools (Kali Linux, Burp Suite, Metasploit, Nmap (NSE), Acunetix, etc.).
- Knowledge of IT technologies (network protocols, Web, clouds, operating systems, database systems).
- Basic knowledge of one or more multiplatform scripting languages (e.g. Python).
Experience in software development practices and methodologies (SDLC).
Programming/development experience.
Knowledge of pipeline and CI/CD principles. Embed security across the CI/CD roadmap (SSDLC).
Understanding of and hands-on experience in cloud security (AWS/Azure).
Experience in threat modeling activities.
Bug bounty experience.
Awareness of privacy and security regulations and compliance frameworks.
Relevant certifications such as OSCP, CEH, CompTIA PenTest+, etc.
NIX is a global supplier of software engineering and IT outsourcing services
NIX teams collaborate with partners from different countries. Our specialists have experience in developing innovative projects from ecommerce to cloud for some of the largest companies in the world, including from the Fortune 500. The teams are focused on stable development of the international IT market, business, and their own professional skills.
What we offer
- Competitive compensation packages.
- Stable employment, based on a full-time employment contract.
- Private health insurance (Medicover Clinic).
- AYCM sport pass, providing discounts at various sports facilities in Hungary.
- Interesting tasks and diverse opportunities for developing your skills.
- Free training courses, including English.
- Participation in internal and external thematic events, technical conferences.
- A spacious office in the heart of Budapest (13th district).
- All necessary devices and tools for your work.
- Friendly, motivating atmosphere.
- Active corporate life.