Application Security Engineer (Pentester)
Crypto.com
Responsibilities
- Discover security vulnerabilities through design review, source code review and penetration testing, either manually or by using automated tools, and follow up on the remediation process
- Participant in relevant agile scrum meetings and provide professional recommendations on the design of security controls, libraries, and/or protocols
- Conduct security-related training sessions
- Implement various security control verification and risk detection through automated scripts
- Provide support on application-level security monitoring, intrusion detection, and incident response
Requirements
- OSCP (or equivalent, such as CREST) is a MUST.
- A deep understanding of OWASP Top 10 and the ability to detect and address logic flaws are highly desirable.
- Minimum four years of experience in Web API testing and proficiency in using BurpSuite is preferred.
- Experience with Mobile App testing, comprehension of jailbreaking/rooting a device, API hooking, reverse engineering, and de-obfuscation is highly beneficial
- Fluency in spoken and written English is essential, and proficiency in Mandarin would be advantageous.