Capgemini Hong Kong is hiring for Application security SME/Architect for a project with a major banking domain client.
- Perform periodically system and application VAPT (Vulnerability Assessment and Penetration Testing) using automated and manual approach.
- Perform Web Application Vulnerability Assessment & Penetration Testing.
- Perform Mobile application security testing.
- Provides analysis and validation post remediation.
- Source Code Review
- Conduct application penetration exercise using automated tools, customized exploits and manual analysis
- Experience in analysis of false positive, risk remediation recommendation and draft report preparation.
- Knowledge on open source and commercial tools for e.g Metasploit framework, Checkmax, BLUCKDUCK ,Nessus, Acunetix, Appscan, nmap etc.
- Experience on network, web application/ web services penetration testing & secure code review of applications
- Experience Mobile application testing.
- Security configuration review of database /servers / firewalls / switches / routers, etc
- Knowledge of operating systems preferably windows, linux etc. network equipment’s system & network hardening
- Wireless penetration testing & application security review
- Ability to review the code and provide input
- Ability to provide technical and strategic advisory in terms of remediation
- Ability to review codes in Java and Swift programming languages and recommend changes from security perspective
- Security Products Knowledge
- Good Knowledge on Secure Code Review of applications is desirable.
- Demonstration of Proof of concepts for exploits
- Wireless Penetration Testing & Application Security Review
- Security Configuration Review of Database / Servers / Firewalls / Switches / Routers
- Ability to work in a high pressure environment, reporting to senior stakeholders.
- Ability to review technical designs and to articulate security requirements clearly.
- Ability to both accept criticism, and make productive use of it.
- Flexible, motivated and a team player.
- Excellent verbal and written communication skills to a suitably professional standard that would be appropriate in a court of law.