In the Story of Snappfood, we believe in creating value that goes beyond the ordinary. We are wiling to establish innovative tendencies and are eager to have you on our team to help us get through our business challenges with creativity, intelligence, and agility.
We are waiting for you to continue this story.
Key Responsibilities:
- Perform comprehensive manual and automated penetration testing on web applications, mobile apps (iOS/Android), APIs (REST, GraphQL), and SPAs.
- Identify, exploit, and document a wide range of vulnerabilities, including but not limited to:
- Authentication & Authorization flaws (e.g., JWT misconfigurations, OAuth issues)
- Injection attacks (SQLi, NoSQLi, Command Injection, etc.)
- Cross-Site Scripting (XSS) (DOM-based, Reflected, Stored)
- Cross-Site Request Forgery (CSRF)
- Business logic flaws and chained vulnerabilities
- Insecure Direct Object References (IDOR)
- Broken access controls and race conditions
- Mobile-specific vulnerabilities
- Participate in bug bounty programs, triaging submissions, validating findings, and collaborating with external researchers.
- Conduct source code reviews to uncover vulnerabilities in web and mobile codebases.
- Develop Proof-of-Concept (PoC) scripts using Python, JavaScript, or similar to demonstrate vulnerabilities.
- Create detailed technical reports for developers and executive summaries for leadership, including remediation guidance.
- Collaborate with development teams to reproduce, prioritize, and remediate vulnerabilities effectively.
- Stay updated on emerging threats, exploit techniques, and industry standards (e.g., OWASP Top 10, OWASP MASVS, WSTG).
- Contribute to secure SDLC processes and provide guidance on integrating security into CI/CD pipelines.
Key Requirements:
- 3+ years of hands-on experience in web and mobile application penetration testing and/or bug bounty programs.
- Deep understanding of web and mobile security vulnerabilities, exploitation techniques, and mitigation strategies.
- Experience testing APIs (REST, GraphQL), SPAs, and mobile apps (iOS/Android), including familiarity with mobile-specific tools (e.g., Frida, Objection, MobSF).
- Strong scripting skills in Python, JavaScript, or similar for PoC development and test automation.
- Familiarity with bug bounty platforms
- Knowledge of CI/CD pipelines and secure SDLC
Benefits:
- Vouchers for vacation, Gym, Therapy Sessions, Intervnet Costs
- Complementary Insurance
- Educational platform of advanced courses
- Snappfood’s Discount codes
- Loans