- Experienced Penetration-tester: At least 2 years’ experience in application layer penetration testing for web applications, C/S architecture, complex projects, code reviews, gray/white box projects, etc.
- knowledge and experience in Application security field, deep knowledge of application level vulnerabilities and mitigation
- Secure coding best practices
- Knowledge in programming (Java, .Net, C++, etc.) & protocols (TCP/IP, HTTP, SSL, DNS) – the more the better
- Good verbal communication and social skills
- Good writing/reporting skills Additional relevant skills
- Knowledge / Experience in SDLC and secure coding processes
- Knowledge in Regulations, Standards, including but not limited to: ISO27001, ISO9001, GDPR
- Infrastructure security – knowledge or experience with infrastructure security and Infrastructure penetration testing
- Knowledge/Experience with security tools (DB, FW, WAF, security tools, etc)
- Knowledge / experience with cloud applications, specifically AWS
- Other: Reverse engineering, Threat-Modeling, Cryptography, etc.