HTTP protocol (advanced)
Join our team at IBA Poland and let's raise the standards of IT security together!
We conduct penetration tests that simulate potential attacks on the IT environment and make it possible to identify security gaps. We will perform a controlled attack to detect vulnerable areas of an application / system / network.
Main tasks & responsibilities :
Carry out application, network, systems, and infrastructure pentests
Review physical security and perform social engineering tests where appropriate
Evaluate and select from a range of pentesting tools
Keep up to date with the latest testing and ethical hacking methods
Deploy testing methodology and collect data
Report on findings to a range of stakeholders
Make suggestions for security improvements
Enhance existing methodology material
Plan the pentest
Select, design, and create appropriate tools for testing
Perform the pentest on computer systems, networks, web-based and mobile applications
Document your methodologies and findings
Gather intelligence not only from the output of the automated pentesting tools but also from interaction with product teams, previous results, threat model and source code scanning inputs.
Review your findings and give feedback to development teams
Analyze the outcomes and make recommendations for security improvements
Actively participate in the EH expertise development.
Sounds exciting? Match your experience to the needed skills
Must Have Qualifications :
Web Application Testing :
Understanding of HTTP and HTTPS protocols: HTTP(S) methods, request / response headers, cookies, TCP / IP connections over HTTP(S), etc.
Good understanding of security vulnerabilities, including impact, exploits, etc.
Automated Testing :
Must have knowledge of at least one scanning tool (IBM AppScan, the BurpSuite scanner, or any open-source equivalent).
Should be able to configure an automated scanner (such as login sequence, manually exploring critical flaws, policy customization, scan throttling, etc.) to perform a successful scan.
Assessment of scanner results and intelligently identifying false positives from the scan results.
Knowledge of Burp features: Spider, Intruder, Scanner, Repeater and Extender.
Manual Testing :
Should be able to understand OWASP Top 10 categories to perform manual testing.
Flaws such as authentication (session management), CSRF and business logic issues, which are not detected by an automated scanner, must be identified using manual testing.
Understanding of the workflow of the application and identifying the entry points to detect vulnerabilities.
Advanced knowledge of English, spoken and written (B2 / C1)
Good asset :
Webservice Testing :
SOAP / REST APIs testing.
Configuring cURL commands and the Postman tool to capture requests in an automated scanner.
Network Testing :
Understanding of networking protocols such as TCP, UDP, DNS, DHCP, etc.
Understanding of network devices like routers, switches, security systems / IDS / IPS, etc.
Network scanning tools such as Nessus, Nmap, Metasploit etc.
Exploitation and Post Exploitation of network vulnerabilities.
Threat Model and Source code security scanning :
Perform / Participate in threat model creation / design or review
Perform source code security scanning using SAST tools like IBM AppScan, Contrast, and other popular open-source tools.
Security Certifications :
Any of the security certifications is a plus (such as CEH, ECSA, OSCP, GPEN, GWAPT, etc.)
What you need to have :
Legal work permit in Poland.
Start date for assignment : ASAP
Duration of trial period : 3 months
Expected workload for the consultant : Fulltime
Location : Hybrid / Wroclaw
Reasons to love working with IBA Poland
Contract of Employment.
We offer flexible working hours as we care about the work-life balance of our employees.
By working with us today, you gain experience in implementing a wide variety of projects in a diverse industry with international teams.
Selection of benefits such as private medical care provided by Medicover, multisport card, cafeteria system, language courses, integration events and many more as we grow.
We have over 25 years of experience in providing comprehensive solutions in various industries. During this time, we have achieved success in over 2,000 projects and established development centers in several countries in Europe, the United States, Africa, and Asia.
IBA Group develops and integrates custom software, implements proprietary and vendor solutions, and offers technical support and consulting.
Fundamental areas : mainframe software, corporate and mobile applications, web, SAP and other ERP, BI and IBM Tivoli systems.