Who we think will be a great fit.

 A passion for information security with a hacker mindset!

 Self-motivation and Proactiveness

 Communication skills

What we need...

We want people with preferably two or more, of the following:

1. Web Application Security Testing.

 Knowledge about BURP Suite, manual and automated SQLi

 Bypass filters that detect SQLi, XSS, etc.

 People who don't think Injection means only SQLi but  SSTI, SSJI, ORMi [HQLi], LDAPi, Eli, XMLi etc.

2. Network  Infrastructure Testing.

 Ability to write custom scripts and wrappers.

 Knowledge of tools like Responder, Ettercap, tcpdump,  Empire,  etc.not just Nmap and Nessus

 Have good knowledge about PowerShell scripting and AD/DC infrastructure.

3. Mobile App Testing.

 Root/jailbreak and Certificate pinning  bypass without any automated tool

 Dynamic instrumentation using Frida

 De-obfuscation of APK/IPA file

4. IoT Testing.

 MQTT attacks

 Fuzzing of IoT devices

 Firmware extraction

5. Cloud Testing.

 A good understanding of the cloud infrastructure that includes AWS, Azure and Google cloud.

 Have a good understanding of microservices architecture.

6. Secure Code Review.

 Ability to visualize and compile applications without any compiler (in your mind).

 Has the ability to learn a new programming language on-the-go.

"Attackers don't follow standards and certifications." - Saumil Shah

 OSCP/OSCE won't hurt your chances to land in your dream job, but CEH might.

Required Candidate profile