Key Responsibilities
- Perform security assessment of Web Application via security audit, vulnerability assessment, penetration testing, application vulnerability analysis and source code reviewing.
- Research new attacking techniques and cutting edge security topics.
- Develop/Write exploit or use public exploit to gain access to the web application and the system.
- Sharing knowledge with internal team.
- Document technical issues and findings identified during the security assessment.
- Deliver professional onsite and remote briefings to clients based on results of security assessments.
- Deliver presentation and training to both technical and non-technical audiences.
- Assist clients with questions regarding vulnerabilities and the remediation efforts involved in eliminating them.
- Improve customer deliverable through report template and procedural updates.
- Write scripts to automate assessment tasks and improve work efficiency.
- Improve knowledge and skill to become a red teamer.
Technical skills and Experience
- Minimum 2 years of direct security experience. Fresh graduates are welcomed if the answers are Yes to following items.
- Strong knowledge in web application architecture (including component, model, framework, library, ...)
- Strong knowledge in web application attack tactics/techniques/procedures.
- Knowledge in web application defenses, best practice in security.
- Familiar with various security scanners including port scanner, directory scanner, vulnerability scanner.
- Familiar with Using security pen-test tools such as Burp Suite, Nuclei …
- Familiar with Writing security template scan such as Bcheck, Nuclei …. Templates.
- Proficient in at least one of the following programming/scripting languages: Python, Golang, Perl, PHP, C#, Java, JavaScript and Bash. Other programming languages can be considered.
- Practical knowledge in exploit writing/development.
General skill
- Self-Learn.
- English (at least reading and writing skill).
- Presentation.
ECQ firmly believes in Skills and Quality of Work. No certification or degree is required. All candidates are welcomed and will be screened through technical interview. All applications will be treated as strictly confidential. Successful candidate will receive attractive remuneration package. Interested applicants please submit your application and resume with a recent photo either by post or e-mail to the following address.