We look for the risk-takers, the collaborators, the inspired and the inspirational. We want the people who are brave enough to work at the cutting edge and create solutions that will enrich and improve the lives of people across the globe. So, if you want to make the world say wow, let's talk.
The conversation starts here. If this role matches your ambitions and skillset, let's get started with your application. Take a look at our other open positions too. Our many opportunities can lead to infinite possibilities.
Job description: Web Applications Pen-tester
Position Summary:
Software Architecture Division (SARD) is looking for a motivated, creative and experienced web application penetration tester.
The product security group in SARD has been providing defensive and offensive security testing services since 2012. We perform security assessments for a range of Sony products, including PlayStation, consumer electronics (CE) and professional solutions, many of which can be found on the official Sony site.
SARD primarily works on core technologies that are used in Sony products and services as part of Sony India Software Centre located in Bangalore.
We help Sony entities find vulnerabilities before their products are released to the market by examining them from the point of view of a skilled human attacker. We know how attackers think and which tools they use. Our assessments are roughly 90% manual, but we use various automation techniques (e.g., fuzzers) to help us identify suspicious areas for further investigation.
We are looking for an experienced, hands-on web penetration tester. In this role, the new team member will focus on testing and evaluating the security of web applications and APIs. This includes creating and executing a pen-testing plan, reporting the vulnerabilities found and providing recommendations on how to fix them.
The team is also responsible for organizing the accumulated knowledge about existing vulnerabilities and potential threats to specific targets.
Tools are developed as part of the execution and automation of the research process.
Finally, the team closely collaborates with colleagues in Sony Brussels Laboratory, who have been providing a wide range of offensive security services inside Sony for the last 10 years.
In general, the following activities are expected to be executed by the new team member:
- Hands-on penetration testing
- Development of helper security verification tools
- Performing security design reviews of web applications, network/cloud deployments
- Security code reviews of web applications and/or web APIs
- Writing clear vulnerability reports and providing guidance to the development teams on fixing the security issues
- Documenting knowledge and findings in the form of guidelines, checklists and examples to be used by development teams
- Owning the project from beginning to end
Job Start and Duration
Job start is ASAP. We are interested in both permanent and temporary contracts. For a temporary contract, we are interested in retaining the hired security researcher for longer if we are happy with their performance.
Profile
The candidate needs to have the following qualifications:
- Strong hands-on penetration testing skills
- Deep knowledge of web technologies (HTML5, Java, JavaScript, Tomcat, etc.)
- Deep knowledge of application security mechanisms such as authentication and authorization techniques, data validation, output sanitization/encoding and proper use of encryption
- Excellent understanding of web applications, web browsers, web servers and frameworks
- Experience with common penetration testing tools, including Burp Suite, Nessus, sqlmap, Nmap, Wireshark
- Good knowledge of network protocols and network protection techniques (firewalls, filtering, other) and methods for bypassing them
- Deep knowledge of web service technologies such as WebSockets, SOAP, REST, JSON, XML, etc., as well as deep knowledge of web service security schemes such as OAuth, SAML, etc.
- Good working knowledge of at least one of these scripting languages or frameworks: Python, Ruby, NodeJS, PHP
- Working knowledge of basic cryptographic principles: symmetric/asymmetric encryption, PKI, etc.
- Experience with fuzzing and security code review
- Knowledge of multiple RDBMS systems: MySQL, PostgreSQL, Oracle, etc.
- Excellent analytical skills and ability to think out of the box
- Experience with both Linux and Windows OS
- Strong command of English
- Good communication and writing skills
Experience in the following topics is desirable:
- Experience with AWS (including serverless architectures), GCP, MS Azure
- Mobile application security
What We Do
Sony’s purpose is simple. We aim to fill the world with emotion, through the power of creativity and technology. We want to be responsible for getting hearts racing, stirring ambition, and putting a smile on the faces of our customers. That challenge, combined with our spirit of innovation, motivates us to create groundbreaking technology, entertainment, and services for people worldwide.
Our history as a global brand has been built around employees who all have a passion for touching people's lives, and pride in pushing beyond the status quo to produce truly extraordinary results.
We’re uniquely positioned because we operate in many different industries - from movies and music to video games and electronics. And, with offices around the globe, we benefit from a global workforce that learns and grows together through mutual respect.
If you're ready to join a diverse team at an innovation-led company with the power to change lives, then we encourage you to read up on the different Sony group companies and check out our Life page. Then, get in touch, and together, let’s make the world say wow.