Application Security Test Engineer - (Thick Client Penetration Testing + Source Code Review) at SonicWall

SonicWall, a cybersecurity company with over 30 years of expertise, is seeking an Application Security Test Engineer to join their security team. This role involves conducting security assessments, penetration testing, and secure code reviews of thick client applications across Windows, Linux desktop, and mobile platforms. The candidate will identify and mitigate security vulnerabilities to enhance application security.

• Conduct thorough vulnerability assessment on Windows desktop VPN, other client applications and mobile client apps (Android and iOS).
• Identify and analyze cryptographic algorithms, protocols, and identify security misconfigurations implemented in the applications.
• Perform manual penetration testing to identify vulnerabilities, weaknesses, and potential exploits in the VPN and SonicWall client applications.
• Utilize various tools and methodologies to conduct static and dynamic security analysis of the binary code.
• Review source code for security flaws, coding errors, and potential areas of improvement.
• Collaborate with the development team to provide recommendations for secure coding practices.
• Conduct penetration testing on the Firewall hardware, virtual appliances, and VPN client applications to simulate real-world attack scenarios.
• Document and report findings, including recommended remediation steps.
• Stay abreast of the latest cybersecurity threats, vulnerabilities, and attack vectors relevant to VPN technologies.
• Prepare comprehensive reports detailing the results of security assessments and penetration tests.
• Clearly communicate findings, risks, and recommended mitigations to both technical and non-technical stakeholders.
• Works closely with cross-functional teams, including developers, system administrators, and PSIRT engineers, to address and resolve security issues.

Requirements:

• Bachelor's degree in computer science, Cybersecurity, or a related field.
• Proven experience in Windows, Linux desktop applications and mobile clients (Android and iOS).
• Proficiency in using tools such as Burp Suite, Wireshark, IDA Pro, Ghidra, and other relevant application security tools.
• Strong understanding of VPN technologies, cryptographic protocols, and network security principles.
• Experience with Security Testing methodologies and standards.
• Excellent written and verbal communication skills.
• Certifications such as OSCP, OSCE, or similar are a plus.

SonicWall offers:

• A remote work environment for candidates residing in Turkey.
• An equal opportunity employer committed to diversity.