Senior Security and Vulnerability Tester - Austin, TX (Hybrid)
Job Summary:
We are seeking an experienced Senior Security and Vulnerability Tester specializing in Liferay Portal to join our team. The ideal candidate will be responsible for ensuring the security of our Liferay Portal through rigorous security testing, vulnerability assessments, and penetration testing. This role requires deep knowledge of application security, vulnerability scanning, and the ability to identify, analyze, and mitigate security risks in a Liferay-based environment.
Key Responsibilities:
Vulnerability Scanning:
Conduct regular vulnerability scans using tools like Nessus, InsightVM, and Qualys to identify security flaws in Liferay and its supporting infrastructure.
Analyze scan results and collaborate with development teams to patch and resolve identified vulnerabilities.
Penetration Testing:
Perform comprehensive penetration testing on the Liferay Portal to uncover vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF).
Utilize tools such as Burp Suite, Metasploit, and OWASP ZAP to simulate real-world attacks and assess system resilience.
Static Application Security Testing (SAST):
Review the source code of Liferay components and custom modules using tools like SonarQube, Checkmarx, and Fortify to identify insecure coding practices.
Provide recommendations for improving code security and conduct regular audits of newly developed code.
Dynamic Application Security Testing (DAST):
Perform dynamic application security testing to identify runtime vulnerabilities in the Liferay Portal using tools like OWASP ZAP, Netsparker, or Acunetix.
Validate the effectiveness of security controls in real time and recommend remediation strategies.
API Security Testing:
Assess the security of APIs integrated with the Liferay Portal for authentication, authorization, and data exposure vulnerabilities.
Use tools like Postman and Burp Suite, along with the OWASP API Security Testing Guide, to evaluate API endpoints for common vulnerabilities such as broken authentication and insecure direct object references.
Required Skills and Experience:
5+ years of experience in application security testing, including vulnerability assessments and penetration testing.
Hands-on experience with Liferay Portal security testing.
Proficiency in vulnerability scanning tools such as Nessus, OpenVAS, or Qualys.
Strong knowledge of penetration testing tools like Burp Suite, OWASP ZAP, Metasploit, and Kali Linux.
Expertise in Static Application Security Testing (SAST) using tools like SonarQube, Fortify, or Checkmarx.
Understanding of OWASP Top 10 vulnerabilities and how to prevent them.
Strong problem-solving skills and attention to detail.