Cloud-Based Web APIs Penetration Testing Support Consultant
Company: Hybrid Pathways
Location: San Francisco
Posted on: November 1, 2024
Job Description:
About the opportunity:New Era Technology is seeking a
Penetration Testing Support Consulting Resident to conduct testing
for web APIs for indirect object access permissions and controls on
AWS. This is a 5-month remote opportunity.Key Responsibilities
- Write RSpec tests in Ruby to ensure code quality.
- Set up API endpoint calls using Postman or a similar tool for
testing purposes.
- Create Python scripts for reporting and for triaging
issues.
- Establish a test environment to confirm test case
validity.
- Research API endpoint functionality to clarify desired
behaviors.
- Verify that each API endpoint functions as intended and meets
the specified requirements.
- Identify the owner of each endpoint by reviewing code and
documentation.
- Troubleshoot any issues that arise to maintain smooth testing
operations.
- Analyze test results and diligently report any defects
discovered.
- Continuously enhance test automation by updating and
maintaining the test framework.
- Communicate progress and address any issues through regular
status reports.
- Collaborate with API developers to tailor testing and
analysis.
- Conduct penetration testing for web APIs for indirect object
access permissions and controls on AWS.
- Document and report detailed penetration testing results,
findings and gaps.
- Support analysis, recommendations and potential remediation of
identified vulnerabilities.
- Collaborate with related Information Security Trust Assurance
and Threat Detection teams to characterize potential security
vulnerabilities.
- Validate and/or enhance testing protocols, tools or scripts to
optimize penetration testing processes.
- Independently handle complex issues with minimal supervision,
while escalating only the most complex issues to appropriate
staff.
- Provide guidance and recommendations to stakeholders
responsible for security remediation actions to close identified
gaps and remediation validation testing.
- Develop comprehensive and accurate reports and presentations
for various consumers of penetration testing results.
- Developing, extending, or modifying exploits, shellcode, or
exploit tools.Required Skills
- 5+ years experience conducting penetration testing.
- 3+ years experience conducting vulnerability analysis.
- Test Automation and Frameworks: Proficiency in writing
automated tests using RSpec, a testing tool for Ruby. Understanding
of test automation frameworks and principles is crucial.
- Programming Knowledge: Strong knowledge of Ruby programming
language to write tests. Working knowledge of Python and possibly
some familiarity with other languages used in the codebase.
- API Testing: Experience with API testing tools such as Postman
or similar software to create and send requests to API endpoints
and analyze responses.
- Environment Setup: Ability to set up and maintain test
environments, including configuration of databases, servers, and
other services that tests depend on.
- Troubleshooting: Skills in identifying, diagnosing, and
resolving issues that arise during testing. This often requires a
good understanding of the system being tested and problem-solving
skills.
- Version Control Systems: Familiarity with version control
systems like Git for searching through code and documentation to
identify endpoint owners.
- Defect Tracking: Experience with defect tracking and reporting
tools to log and manage issues discovered during testing.
- Continuous Integration/Continuous Deployment (CI/CD):
Understanding of CI/CD principles to integrate automated tests with
build pipelines.
- Hands on experience with the following:
- Scripting Languages (e.g., Python, PowerShell, etc.)
- Linux Operating Systems
- AWS Security Services
- AWS Infrastructure Services
- Network protocols (e.g., TCP/IP, UDP, ARP, DNS, and DHCP)
- Ability to identify and exploit web vulnerabilities (XSS, CSRF,
SQLi, SSRF, arbitrary file upload, etc.)
- Ability to identify and exploit mobile vulnerabilities (API
issues, insecure storage, memory corruption, deep links, etc.)
- Cryptography (e.g., PKI, TLS, etc.)
- Web Application penetration testing
- Working knowledge of Identity and Access Management and
Authentication Protocols including Active Directory and Entra ID
- Familiarity with the following:
- Windows Operating Systems
- Source code vulnerability analysisPreferred Skills
- Taking initiative and being proactive.
- Excellent interpersonal communication skills with strong spoken
and written English.
- Collaborative team worker - both in person and virtually using
MS Teams or similar.
- Excellent analytical skills.
- Organizational skills with attention to detail.
- Ability to leverage existing documentation.
- Excellent documentation skills; demonstrated proficiency in
Microsoft Office including Word, Excel and PowerPoint.
- Business outcomes mindset.
- Solid balance of strategic thinking with detailed
orientation.
- Self-starter, ability to take initiative.
- Flexibility to accommodate working across different
time-zones.Required Education
- Bachelor's degree (BA/BS) from four-year college or university;
or equivalent training, education, and work experience.
Cybersecurity certifications such as EC-Council CEH, CISSP, CISM a
plus.About Us: New Era Technology is a community of like-minded,
like-hearted people who share the same vision and values:
Community, Integrity, Agile, and Committed.These visions and values
tie into our daily work, to serve as a trusted technology adviser
to our customers. Often a single project leads to a long-lasting
partnership where we have the continued privilege of helping our
customers deliver valuable technology solutions that improve
efficiencies and experiences to their employees and customers.EEO
Statement:New Era Technology is proud to be an equal opportunity
employer. All qualified applicants will receive consideration for
employment without regard to race, color, religion, gender, gender
identity or expression, sexual orientation, marital status,
national origin, genetics, disability, age, or veteran status.
#J-18808-Ljbffr
Keywords: Hybrid Pathways, Richmond , Cloud-Based Web APIs Penetration Testing Support Consultant, IT / Software / Systems , San Francisco, California
Didn't find what you're looking for? Search again!
Loading more jobs...