A penetration tester is a type of network / application security consultant that tries to break into or find possible exploits in different computer systems and software.
They act as ethical hackers and are generally expected to run Vulnerability Assessment / Penetration Testing and create assessment reports about the findings for higher management. While they will often be running pre-determined types of tests, they will also be devising their own tests depending upon the products and solutions from the SAP portfolio, which requires creativity and imagination.
As a penetration tester, you would be expected to conduct vulnerability analysis and penetration tests on web-based applications, networks, and other types of computer systems on a regular basis. You will be expected to work on Cloud Security, Mobile Security, and Security of ERP Products. Along with these tests and assessments, the candidate is expected to perform regular security audits from the design, process and technical / hands-on standpoints. The candidate is expected to work on the security of databases HANA Appliance Model, software development, and/or company secrets. The candidate is also expected to acquire data privacy skillsets to perform the DPP assessments.
- Graduate in Computer Science, Software engineering or equivalent with 2+ years of working experience in IT Security is required
- Experienced in application security testing (source code review and application penetration tests) along with working knowledge of Security principles, techniques and technologies
- Good understanding of network protocols, design and operations and understanding of Data Privacy protection and assessment skillsets
- Application development background and security knowledge – example languages include C, C#, C++, Java, J2EE
- Experience with various security tools and products (Fortify, AppScan, Burp Suite, etc.) and vulnerability and threat management
- Good understanding of the components of a secure DLC/SDLC
- Vulnerability analysis and application reversing skills along with understanding of GDPR regulations.
- Preferred certifications: CISSP, CISA, CEH, OSCP or other information security certifications, ISO27034