Application Security Test Engineer - (Thick Client Penetration Testing + Source Code Review)

About the position

We are seeking a skilled Application Security Test Engineer - (Thick Client Penetration Testing + Source Code Review)' to join our security team. In this role, you will be responsible for conducting security assessments, penetration testing, and secure code reviews of our thick client applications across various platforms (Windows, Linux desktop applications and mobile clients). Your primary focus will be on identifying and mitigating security vulnerabilities to enhance the overall security posture of our applications and services.

Responsibilities

• Conduct thorough vulnerability assessment on the Windows desktop VPN, other client applications and mobile client apps (Android and iOS).
• Identify and analyze cryptographic algorithms, protocols, and identify security misconfigurations implemented in the applications.
• Perform manual penetration testing to identify vulnerabilities, weaknesses, and potential exploits in the VPN and SonicWall client applications.
• Utilize various tools and methodologies to conduct static and dynamic security analysis of the binary code.
• Review source code for security flaws, coding errors, and potential areas of improvement.
• Collaborate with the development team to provide recommendations for secure coding practices.
• Conduct penetration testing on the Firewall hardware, virtual appliances, and VPN client applications to simulate real-world attack scenarios.
• Document and report findings, including recommended remediation steps.
• Stay abreast of the latest cybersecurity threats, vulnerabilities, and attack vectors relevant to VPN technologies.
• Prepare comprehensive reports detailing the results of security assessments and penetration tests.
• Clearly communicate findings, risks, and recommended mitigations to both technical and non-technical stakeholders.
• Works closely with cross-functional teams, including developers, system administrators, and PSIRT engineers, to address and resolve security issues.

Requirements

• Bachelor's degree in computer science, Cybersecurity, or a related field.
• Proven experience in Windows, Linux desktop applications and mobile clients (Android and iOS).
• Proficiency in using tools such as Burp Suite, Wireshark, IDA Pro, Ghidra, and other relevant application security tools.
• Strong understanding of VPN technologies, cryptographic protocols, and network security principles.
• Experience with Security Testing methodologies and standards.
• Excellent written and verbal communication skills.

Nice-to-haves

• Certifications such as OSCP, OSCE, or similar are a plus.