Cloud-Based Web APIs Penetration Testing Consultant

August 27

Apply Now

Receive Emails with Similar Jobs

Hybrid Pathways

WebsiteLinkedInAll Job Openings

Identifying, Connecting and Protecting Digital Assets

Enterprise IT Consulting • Public Cloud Infrastructure • Enterprise Networks • Hybrid IT Architecture • IT Security

11 - 50

Description

• Conduct testing for web APIs for indirect object access permissions and controls on AWS • Write RSpec tests in Ruby to ensure code quality • Set up API endpoint calls using Postman • Create Python scripts for reporting and triaging issues • Establish a test environment to confirm test case validity • Research API endpoint functionality • Verify API endpoint functions meet specified requirements • Identify endpoint owners by reviewing code and documentation • Troubleshoot issues to maintain testing operations • Analyze test results and report defects • Enhance test automation by updating test framework • Communicate progress via regular status reports • Collaborate with API developers • Document and report penetration testing results and findings • Support remediation of identified vulnerabilities • Collaborate with Information Security teams • Validate and enhance testing protocols, tools, or scripts • Independently handle complex issues with minimal supervision • Provide guidance and recommendations for security remediation • Develop comprehensive and accurate reports and presentations

Requirements

• 5+ years experience conducting penetration testing • 3+ years experience conducting vulnerability analysis • Proficiency in writing automated tests using RSpec • Strong knowledge of Ruby programming language • Working knowledge of Python and possibly some familiarity with other languages • Experience with API testing tools such as Postman • Ability to set up and maintain test environments • Skills in identifying, diagnosing, and resolving issues • Familiarity with version control systems like Git • Experience with defect tracking and reporting tools • Understanding of CI/CD principles • Hands on experience with scripting languages, Linux OS, AWS Security Services, and network protocols • Ability to identify and exploit web and mobile vulnerabilities • Working knowledge of cryptography • Familiarity with Identity and Access Management and Authentication Protocols