Overview
SoftConstruct is looking for a Web Penetration Tester.
Responsibilities:
- Conduct comprehensive penetration tests on SoftConstruct’s web applications, APIs, and portals to identify and exploit security vulnerabilities
- Perform manual and automated testing for issues such as injection flaws, authentication bypass, misconfigurations, and insecure storage
- Analyze application logic to uncover business logic vulnerabilities and abuse cases beyond typical automated scan detection
- Collaborate with development and DevSecOps teams to verify vulnerabilities and guide remediation efforts
- Produce detailed and actionable vulnerability assessment and penetration test reports tailored to technical and non-technical audiences
- Contribute to threat modeling and secure development practices by providing input during the design and testing phases of products
- Stay informed about current web application attack vectors, exploit techniques, and security trends (e.g., OWASP Top 10, CVEs, 0-day vulnerabilities)
- Develop custom testing scripts or tools when needed to support advanced testing scenarios
Required Qualifications:
- 3–5 years of relevant experience in web application security testing, ethical hacking, or secure software assessment
- Bachelor’s or Master’s degree in Cybersecurity, Computer Science, Information Systems, or a related technical field
- Industry certifications such as OSWE, OSCP, or CEH are considered a strong advantage
- Strong knowledge of web application architecture, HTTP/HTTPS protocols, authentication mechanisms, and secure coding principles
- Hands-on experience with penetration testing tools such as Burp Suite, OWASP ZAP, SQLMap, Nmap, Nikto, Ffuf, and custom scripts
- Familiarity with OWASP Top 10, CWE, and CVSS scoring standards
- Experience testing modern web frameworks (e.g., React, Angular, Vue.js) and RESTful/GraphQL APIs
- Ability to read and analyze code or scripts in JavaScript, Python, PHP, or similar languages is a plus
- Excellent report writing and communication skills, including the ability to explain technical risks in business terms