Responsibilities:

• Responsible for application & infrastructure penetration testing.
• Penetration Testing monitoring, identifying, and exploiting security vulnerabilities in web-based applications, mobile applications, and systems.
• Conduct penetration testing, identifying vulnerabilities, and providing remediation steps.
• Planning and executing penetration tests with the larger team
• Solid knowledge and experience of using a variety of penetration testing or threat modeling tools including open source and commercial
• Probe for vulnerabilities in applications.
• Pinpoint methods that attackers could use to exploit weaknesses and logic flaws.
• Incorporate business considerations (e.g. loss of earnings due to downtime, cost of engagement, etc.) into security strategies.
• Research, document and discuss security findings with management and IT teams.
• Review and define requirements for information security solutions.
• Identifying threats using threat risk modeling and creating solutions or mitigation approaches
• Be sensitive to qTech. considerations when performing testing
• Daily administrative tasks, reporting, and communication with the relevant departments in the organization.
• Any other duties may be assigned.

Job Requirements / Qualification:

• B.S. Computer Science, Engineering, or related experience.
• 3+ years of work experience in an Information Security role.
• Excellent communication, documentation, and presentation skills in business-level English.
• Strong attention to detail with an analytical mind and outstanding problem-solving skills.
• Great awareness of cybersecurity trends and threats.
• Interest in all aspects of security research and development.
• Experience in secure code review, coding design development, and risk mitigation.
• Prior experience in programming/scripting knowledge and experience with either .Net / Java / Scala / Python / PHP / Magneto, also an ability to find design flaws in different programming languages, and architecture misconfigurations, and Knowledge of Cryptography.
• Knowledgeable in both Linux and Windows OS and their internals
• Full-stack understanding of end-to-end application communications.
• Cyber attacker mindset, a good learner with an innovative mind, and problem-solving abilities.