Key Responsibilities:

• Conduct penetration testing and vulnerability assessments on web and thick-client applications.
• Perform SAP-specific penetration testing to identify and mitigate security risks.
• Analyze security requirements and ensure compliance with regulatory standards such as PCI DSS, SOX, HIPAA, etc.
• Articulate and train team members on OWASP Top 10 security risks and related concepts.
• Perform manual vulnerability assessments without relying solely on automated tools.
• Capture and analyze network traffic to identify vulnerabilities and sensitive data exposure.
• Develop high-quality, detailed reports on vulnerability findings and communicate them effectively to technical and management teams.

Qualifications:

• Minimum of 4 years' experience in penetration/vulnerability testing for web and thick-client applications.
• At least 2 years' experience in SAP penetration testing.
• Strong understanding of web technologies, including HTTP, HTML, CSS, and database connectivity.
• Proficiency in at least one programming/scripting language such as .NET, Java, PHP, Ruby, Perl, Bash, etc.
• Solid understanding of SQL and experience with MS SQL database management.
• Familiarity with enterprise-level security controls and techniques for bypassing them.
• Strong grasp of core security concepts including defense in depth, least privilege, encryption, and business continuity.
• Exceptional written and verbal communication skills.

Preferred Certifications:

• GSEC, GWAPT, CISSP, GPEN, GXPEN, CISA, CISM, OSCP, OSCE