Job Description
Security Requirements Understanding and Test Preparation:
- Work closely with stakeholders to understand security requirements for various applications and systems, especially in the retail domain.
- Develop and prepare test scripts to perform security assessments based on the defined security requirements.
- Ensure security test cases are comprehensive and cover all critical aspects of the application, including data protection, authentication mechanisms, and authorization controls.
Security Testing and Vulnerability Assessment:
- Perform security testing on applications and systems, using tools like Burp Suite to identify vulnerabilities, flaws, and misconfigurations.
- Conduct penetration testing, vulnerability scanning, and manual exploitation to identify and exploit potential security risks.
- Assess and validate findings from automated security scans and conduct in-depth analysis of vulnerabilities discovered during testing.
Reporting and Documentation:
- Prepare detailed test reports, documenting vulnerabilities and security flaws identified during testing.
- Provide actionable recommendations to mitigate security risks, including remediation steps and guidance for fixing vulnerabilities.
- Ensure reports are clear, concise, and understandable for both technical and non-technical stakeholders.
Collaboration and Issue Resolution:
- Collaborate with developers, IT teams, and other stakeholders to resolve identified security issues.
- Assist in verifying fixes and conducting follow-up testing to ensure that vulnerabilities have been effectively addressed.
- Support security reviews and guide teams to ensure that security practices are followed during the software development lifecycle.
Security Best Practices and Continuous Improvement:
- Stay updated with the latest trends, tools, and techniques in the field of security testing and ethical hacking.
- Contribute to the development of security testing standards and best practices.
- Support training and awareness programs within the organization to promote a security-first mindset.
Required Skills and Qualifications:
Core Technical Skills:
- 5+ years of experience in security testing for web and mobile applications.
- Proficiency in using Burp Suite for penetration testing, vulnerability scanning, and exploitation.
- Strong understanding of security protocols, OWASP Top 10 vulnerabilities, and common web application vulnerabilities (e.g., SQL Injection, XSS, CSRF).
- Experience in performing vulnerability assessments and penetration testing in complex environments.
Domain Expertise:
- Experience in retail domain security, including e-commerce platforms, payment systems, and customer data protection.
- Familiarity with retail-specific security challenges, such as PCI-DSS compliance, customer privacy, and secure payment transactions.
Communication and Problem Solving:
- Strong communication skills to create detailed and clear security reports and presentations for both technical and business teams.
- Ability to troubleshoot and resolve security-related issues quickly and efficiently, providing proactive solutions.
- Experience in working with cross-functional teams, including developers, system administrators, and security teams.
Certifications (Preferred):
- Certified Ethical Hacker (CEH) or Offensive Security Certified Professional (OSCP).
- CISSP or other relevant security certifications are a plus.
Skills Required
Security Testing, Burp Suite, Vulnerability Assessment, Penetration Testing, Retail Domain