Application Security Test Engineer

Summary

Join SonicWall's security team as a skilled Application Security Test Engineer. This remote position (Turkey only) focuses on conducting security assessments, penetration testing, and secure code reviews of thick client applications across Windows, Linux, and mobile platforms. You will identify and mitigate security vulnerabilities, collaborate with developers, and report findings to stakeholders. The role requires expertise in vulnerability assessment, penetration testing, and secure coding practices, along with proficiency in various security tools. A bachelor's degree in a related field and experience with VPN technologies are essential.

Requirements

• Bachelor's degree in computer science, Cybersecurity, or a related field
• Proven experience in Windows, Linux desktop applications and mobile clients (Android and iOS)
• Proficiency in using tools such as Burp Suite, Wireshark, IDA Pro, Ghidra, and other relevant application security tools
• Strong understanding of VPN technologies, cryptographic protocols, and network security principles
• Experience with Security Testing methodologies and standards
• Excellent written and verbal communication skills

Responsibilities

• Conduct thorough vulnerability assessment on the Windows desktop VPN, other client applications and mobile client apps (Android and iOS)
• Identify and analyze cryptographic algorithms, protocols, and identify security misconfigurations implemented in the applications
• Perform manual penetration testing to identify vulnerabilities, weaknesses, and potential exploits in the VPN and SonicWall client applications
• Utilize various tools and methodologies to conduct static and dynamic security analysis of the binary code
• Review source code for security flaws, coding errors, and potential areas of improvement
• Collaborate with the development team to provide recommendations for secure coding practices
• Conduct penetration testing on the Firewall hardware, virtual appliances, and VPN client applications to simulate real-world attack scenarios
• Document and report findings, including recommended remediation steps
• Stay abreast of the latest cybersecurity threats, vulnerabilities, and attack vectors relevant to VPN technologies
• Prepare comprehensive reports detailing the results of security assessments and penetration tests
• Clearly communicate findings, risks, and recommended mitigations to both technical and non-technical stakeholders
• Works closely with cross-functional teams, including developers, system administrators, and PSIRT engineers, to address and resolve security issues

Preferred Qualifications

Certifications such as OSCP, OSCE, or similar are a plus