工作描述
16 天前
Job Title: Application Security Specialist
The Wizlynx Group is seeking a skilled Application Security Specialist to join our team. As a key role, you will lead and execute a variety of engagements, conducting secure code review and advanced hands-on penetration testing beyond automated tool validation. Your targets may include network devices, servers, web and mobile apps, web APIs, wireless infrastructures, IoT devices, and other information systems.
You will have the opportunity to combine technical expertise with your imagination to conduct targeted attacks and discover vulnerabilities, ensuring the Wizlynx Group's customers remain one step ahead of its adversaries.
This role will be part of a team of Cyber Security Experts, providing excellent services to customers and internal teams.
Key Responsibilities:
• Lead and execute secure code review, network, web application, wireless penetration tests with varying levels of complexity.
• Author quality secure code review and penetration test reports with professional documentation of identified and exploited vulnerabilities/weaknesses.
• Provide detailed remediation guidance for findings.
• Serve as a consultant in pre-sales, including assessment of client needs, project scopes, and proposal preparation.
• Share knowledge and training with internal colleagues and teams.
• Maintain up-to-date knowledge of the IT security industry, including awareness of new or revised security solutions, security standards, trends/best practices, offensive techniques, tools, and software development paradigms.
Requirements:
• Bachelor's degree in computer science or information systems, or equivalent work experience.
• Minimum of one year professional experience in penetration testing and code review.
• Technical knowledge across a broad range of computing platforms and network protocols.
• High proficiency in various operating systems, including Unix/Linux/Mac/Windows, and knowledge of bash and PowerShell.
• High proficiency in manual techniques for penetration testing, including network equipment, servers, web applications, APIs, wireless, mobile, databases, and other information systems.
• Proven professional experience testing web applications for common web application security vulnerabilities, as defined by OWASP.
• Good knowledge of both static and dynamic analysis of an application, including web-based, mobile app, or standalone.
• Experience with tools such as Microfocus Fortify or Checkmarx is an asset.
• Ability to review source code, including evaluation of best practices for the platform/framework in use.
• Very good knowledge of one or more programming languages and frameworks, including Python, .NET, Perl, and Java.
• Tools, including proxies, port scanners, vulnerability scanners, and exploit frameworks.
• Strong oral and written communication skills, including ability to prepare quality documentation and presentations for technical and non-technical audiences.
• Certifications such as OSCP, OSCE, OSWE, CREST CRT, GIAC (GXPN, GWAPT, GPEN, GMOB, GWEB) are an asset.
• Excellent communication skills in English and Cantonese (written and spoken); other languages are an advantage.
• Excellent interpersonal skills, capable of interacting with people at all levels; team player.
• Action-oriented and results-driven.
• Organized with strong time-management skills.
• Ability to dynamically switch among different tasks.
• Flexible attitude, reliable.
• Customer-friendly approach and appearance.
• Willingness to travel.
• Strong problem-solving and analytical skills.
The Wizlynx Group is seeking a skilled Application Security Specialist to join our team. As a key role, you will lead and execute a variety of engagements, conducting secure code review and advanced hands-on penetration testing beyond automated tool validation. Your targets may include network devices, servers, web and mobile apps, web APIs, wireless infrastructures, IoT devices, and other information systems.
You will have the opportunity to combine technical expertise with your imagination to conduct targeted attacks and discover vulnerabilities, ensuring the Wizlynx Group's customers remain one step ahead of its adversaries.
This role will be part of a team of Cyber Security Experts, providing excellent services to customers and internal teams.
Key Responsibilities:
• Lead and execute secure code review, network, web application, wireless penetration tests with varying levels of complexity.
• Author quality secure code review and penetration test reports with professional documentation of identified and exploited vulnerabilities/weaknesses.
• Provide detailed remediation guidance for findings.
• Serve as a consultant in pre-sales, including assessment of client needs, project scopes, and proposal preparation.
• Share knowledge and training with internal colleagues and teams.
• Maintain up-to-date knowledge of the IT security industry, including awareness of new or revised security solutions, security standards, trends/best practices, offensive techniques, tools, and software development paradigms.
Requirements:
• Bachelor's degree in computer science or information systems, or equivalent work experience.
• Minimum of one year professional experience in penetration testing and code review.
• Technical knowledge across a broad range of computing platforms and network protocols.
• High proficiency in various operating systems, including Unix/Linux/Mac/Windows, and knowledge of bash and PowerShell.
• High proficiency in manual techniques for penetration testing, including network equipment, servers, web applications, APIs, wireless, mobile, databases, and other information systems.
• Proven professional experience testing web applications for common web application security vulnerabilities, as defined by OWASP.
• Good knowledge of both static and dynamic analysis of an application, including web-based, mobile app, or standalone.
• Experience with tools such as Microfocus Fortify or Checkmarx is an asset.
• Ability to review source code, including evaluation of best practices for the platform/framework in use.
• Very good knowledge of one or more programming languages and frameworks, including Python, .NET, Perl, and Java.
• Tools, including proxies, port scanners, vulnerability scanners, and exploit frameworks.
• Strong oral and written communication skills, including ability to prepare quality documentation and presentations for technical and non-technical audiences.
• Certifications such as OSCP, OSCE, OSWE, CREST CRT, GIAC (GXPN, GWAPT, GPEN, GMOB, GWEB) are an asset.
• Excellent communication skills in English and Cantonese (written and spoken); other languages are an advantage.
• Excellent interpersonal skills, capable of interacting with people at all levels; team player.
• Action-oriented and results-driven.
• Organized with strong time-management skills.
• Ability to dynamically switch among different tasks.
• Flexible attitude, reliable.
• Customer-friendly approach and appearance.
• Willingness to travel.
• Strong problem-solving and analytical skills.
更多来自 Wizlynx Group
Cyber Security Sales Director
Wizlynx Group
网络安全
中西区, 香港
7 天前
全职
办公室工作
技术、信息和媒体
Cyber Security Consultant
Wizlynx Group
网络安全
中西区, 香港
7 天前
全职
办公室工作
技术、信息和媒体
Cyber Security Sales Manager
Wizlynx Group
网络安全
中西区, 香港
7 天前
全职
办公室工作
技术、信息和媒体
Application Security Specialist
Wizlynx Group
网络安全
中西区, 香港
7 天前
全职
办公室工作
技术、信息和媒体
Cyber Security Consultant - Red Team Specialist
Wizlynx Group
网络安全
中西区, 香港
7 天前
全职
办公室工作
技术、信息和媒体
更多类似工作
🎉 Got an interview?
