Senior Security and Vulnerability Tester (Liferay Portal) at Austin, Texas, USA
From: Rishav Verma, Tanisha Systems Inc [email protected]
Reply to: [email protected]

Greetings,

My name is Rishav and I'm an IT recruiter at Tanisha Systems. Our records show that you are an experienced IT professional with experience in Senior Security and Vulnerability Tester (Liferay Portal). This experience is relevant to one of my current openings. The opening requires good communication skills in addition to the above skills. It is in Austin, TX (Day 1, 5 days onsite).

Job Type: Contract
Job Title: Senior Security and Vulnerability Tester (Liferay Portal)
Job Location: Austin, TX (Day 1, 5 days onsite)

Need 12+ years of experience and locals only. In-person interview mandatory.

Job Summary:

We are seeking an experienced Senior Security and Vulnerability Tester specializing in Liferay Portal to join our team. The ideal candidate will be responsible for ensuring the security of our Liferay Portal through rigorous security testing, vulnerability assessments, and penetration testing. This role requires deep knowledge of application security, vulnerability scanning, and the ability to identify, analyze, and mitigate security risks in a Liferay-based environment.

Key Responsibilities:

Vulnerability Scanning: Conduct regular vulnerability scans using tools like Nessus, Insight VM and Qualys to identify security flaws in Liferay and its supporting infrastructure. Analyze scan results and collaborate with development teams to patch and resolve identified vulnerabilities.

Penetration Testing: Perform comprehensive penetration testing on the Liferay Portal to uncover vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF). Utilize tools such as Burp Suite, Metasploit, and OWASP ZAP to simulate real-world attacks and assess system resilience.

Static Application Security Testing (SAST): Review the source code of Liferay components and custom modules using tools like SonarQube, Checkmarx, and Fortify to identify insecure coding practices. Provide recommendations for improving code security and conduct regular audits of newly developed code.

Dynamic Application Security Testing (DAST): Perform dynamic application security testing to identify runtime vulnerabilities in the Liferay Portal using tools like OWASP ZAP, Netsparker, or Acunetix. Validate the effectiveness of security controls in real-time and recommend remediation strategies.

API Security Testing: Assess the security of APIs integrated with the Liferay Portal for authentication, authorization, and data exposure vulnerabilities. Use tools like Postman, Burp Suite, or OWASP API Security Testing Guide to evaluate API endpoints for common vulnerabilities such as broken authentication and insecure direct object references.

Configuration Auditing: Perform security configuration audits of the Liferay portal and server environment, ensuring compliance with industry best practices (SSL/TLS, role-based access control, etc.). Identify and mitigate security misconfigurations that could expose the portal to potential attacks.

Cross-Site Scripting (XSS) and Injection Testing: Perform specialized testing to detect XSS, SQL Injection, and other injection vulnerabilities in the portal. Work closely with development teams to ensure proper input validation and security mechanisms are in place.

Required Skills and Experience:

5+ years of experience in application security testing, including vulnerability assessments and penetration testing.
Hands-on experience with Liferay Portal security testing.
Proficiency in vulnerability scanning tools such as Nessus, OpenVAS, or Qualys.
Strong knowledge of Penetration Testing tools like Burp Suite, OWASP ZAP, Metasploit, and Kali Linux.
Expertise in Static Application Security Testing (SAST) using tools like SonarQube, Fortify, or Checkmarx.
Familiarity with security configuration best practices (SSL/TLS, RBAC, database security).
Proven experience in detecting and mitigating Cross-Site Scripting (XSS), SQL Injection, and other common web vulnerabilities.
Understanding of OWASP Top 10 vulnerabilities and how to prevent them.
Strong problem-solving skills and attention to detail.

Preferred Qualifications:

Experience with cloud-based environments (AWS, Azure) and container security.
Familiarity with DevSecOps practices and tools for integrating security into the SDLC.

Thanks & Regards
Rishav Verma
Sr. Technical Recruiter
Tanisha Systems Inc.
99 Wood Ave South Suite # 308, Iselin, NJ 08830
Office Number: 732-490-4608 | Ext: 429
Email: [email protected]
LinkedIn: https://www.linkedin.com/in/rishav-verma-93783b172/
Web: www.tanishasystems.com
Wed Oct 23 21:28:00 UTC 2024