Job Description:

Title: Test Engineer (Web API and Security)

Location: Seattle, WA (looking for nearby candidates, as a face-to-face interview is required)

USC, GC, GC EAD

W2 candidates only - NO C2C

  1. Perform security testing at various levels with a focus on manual methodologies.
  2. Conduct thorough security vulnerability testing across web and API layers.
  3. Tools:
    • Limited tool usage: Preference for manual techniques over extensive tool reliance.
    • Proxy management tools: Utilize tools like Burp Suite and Fiddler to manage traffic interception and assess vulnerabilities.
    • Manual ethical hacking: Capable of performing ethical hacking without automation, focusing on logic flaws, configuration issues, and manual exploitation.
    • Traffic interception: Ability to intercept traffic between browser and application, analyzing requests and responses for potential weaknesses.
  4. Expertise:
    • Web Application Security: In-depth understanding of securing web applications, identifying security flaws, and addressing them effectively.
    • API Testing: Conduct security testing of APIs and services, ensuring data integrity and authorization controls.
    • Threat Modeling: Experience in threat modeling to anticipate security vulnerabilities in both application design and code.
    • Code Reviews: Perform manual code reviews to identify potential security risks before deployment.
    • Application-Level Insight: Capable of obtaining deep insights into the application layer, identifying security threats beyond surface-level vulnerabilities.
  5. What is meant by a manual testing approach:
    • Someone who can conduct security assessments in scenarios without dedicated tools (the bank has limited tooling and wants someone who can work more manually), using manual techniques to probe for vulnerabilities.
    • Ability to simulate attacks on web applications and APIs through hands-on techniques.

Deal Breakers:

  • Manual Ethical Hacking; Hands-on Web Application Security experience.
  • Proven ability to perform manual ethical hacking and security testing without relying heavily on tools.
  • Strong knowledge of proxy management tools like Burp Suite and Fiddler for web and API testing.
  • Good with API security testing.
  • Ability to intercept browser-application traffic and identify security flaws.
  • Application-Level Security Insight: Strong analytical skills to understand complex applications and their security requirements.