
Senior Security and Vulnerability Tester (Liferay Portal) - Austin, TX(Hybrid)

Salary undisclosed

  • Role: Senior Security and Vulnerability Tester (Liferay Portal)
  • Location: Austin, TX
  • Duration: 6+ Months
  • Below are the five key testing skills needed for this role. Please prioritize these:
  1. Vulnerability Scanning
  2. Penetration Testing (Pen Testing)
  3. Static Application Security Testing (SAST)
  4. Dynamic Application Security Testing (DAST)
  5. API Security Testing

Job Description: Senior Security and Vulnerability Tester (Liferay Portal)

Job Summary:

We are seeking an experienced Senior Security and Vulnerability Tester specializing in Liferay Portal to join our team. The ideal candidate will be responsible for ensuring the security of our Liferay Portal through rigorous security testing, vulnerability assessments, and penetration testing. This role requires deep knowledge of application security, vulnerability scanning, and the ability to identify, analyze, and mitigate security risks in a Liferay-based environment.

Key Responsibilities:

  1. Vulnerability Scanning:

Conduct regular vulnerability scans using tools like Nessus, InsightVM and Qualys to identify security flaws in Liferay and its supporting infrastructure.

Analyze scan results and collaborate with development teams to patch and resolve identified vulnerabilities.

  2. Penetration Testing:

Perform comprehensive penetration testing on the Liferay Portal to uncover vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF).

Utilize tools such as Burp Suite, Metasploit, and OWASP ZAP to simulate real-world attacks and assess system resilience.

  3. Static Application Security Testing (SAST):

Review the source code of Liferay components and custom modules using tools like SonarQube, Checkmarx, and Fortify to identify insecure coding practices.

Provide recommendations for improving code security and conduct regular audits of newly developed code.

  4. Dynamic Application Security Testing (DAST):

Perform dynamic application security testing to identify runtime vulnerabilities in the Liferay Portal using tools like OWASP ZAP, Netsparker, or Acunetix.

Validate the effectiveness of security controls in real-time and recommend remediation strategies.

  5. API Security Testing:

Assess the security of APIs integrated with the Liferay Portal for authentication, authorization, and data exposure vulnerabilities.

Use tools like Postman, Burp Suite, or OWASP API Security Testing Guide to evaluate API endpoints for common vulnerabilities such as broken authentication and insecure direct object references.

  6. Configuration Auditing:

Perform security configuration audits of the Liferay portal and server environment, ensuring compliance with industry best practices (SSL/TLS, role-based access control, etc.).

Identify and mitigate security misconfigurations that could expose the portal to potential attacks.

  7. Cross-Site Scripting (XSS) and Injection Testing:

Perform specialized testing to detect XSS, SQL Injection, and other injection vulnerabilities in the portal.

Work closely with development teams to ensure proper input validation and security mechanisms are in place.

Required Skills and Experience:

  • 5+ years of experience in application security testing, including vulnerability assessments and penetration testing.
  • Hands-on experience with Liferay Portal security testing.
  • Proficiency in vulnerability scanning tools such as Nessus, OpenVAS, or Qualys.
  • Strong knowledge of Penetration Testing tools like Burp Suite, OWASP ZAP, Metasploit, and Kali Linux.
  • Expertise in Static Application Security Testing (SAST) using tools like SonarQube, Fortify, or Checkmarx.
  • Familiarity with security configuration best practices (SSL/TLS, RBAC, database security).
  • Proven experience in detecting and mitigating Cross-Site Scripting (XSS), SQL Injection, and other common web vulnerabilities.
  • Understanding of OWASP Top 10 vulnerabilities and how to prevent them.
  • Strong problem-solving skills and attention to detail.

Preferred Qualifications:

  • Experience with cloud-based environments (AWS, Azure) and container security.
  • Familiarity with DevSecOps practices and tools for integrating security into the SDLC.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.