Application Security Engineer (Pentester)

Responsibilities

• Discover security vulnerabilities through design review, source code review and penetration testing, either manually or by using automated tools, and follow up on the remediation process
• Participant in relevant agile scrum meetings and provide professional recommendations on the design of security controls, libraries, and/or protocols
• Conduct security-related training sessions
• Implement various security control verification and risk detection through automated scripts
• Provide support on application-level security monitoring, intrusion detection, and incident response
  

• OSCP (or equivalent, such as CREST) is a MUST. 
• A deep understanding of OWASP Top 10 and the ability to detect and address logic flaws are highly desirable. 
• Minimum four years of experience in Web API testing and proficiency in using BurpSuite is preferred. 
• Experience with Mobile App testing, comprehension of jailbreaking/rooting a device, API hooking, reverse engineering, and de-obfuscation is highly beneficial
• Fluency in spoken and written English is essential, and proficiency in Mandarin would be advantageous