Overview:
Expleo is a trusted partner for your innovation journey. As a global engineering, technology and consulting service provider, we are ideally positioned to help you achieve your ambitions and future-proof your business. With a smart blend of bold thinking and reliable execution, we’re able to fast-track innovation through each step of your value chain.
We are strategically positioned to build value, with a global footprint across 30 countries.
We are as global and local as you need us to be, with strong best-in-class pan-European technological centres and unique best-shoring capabilities.
We are as global and local as you need us to be, with strong best-in-class pan-European technological centres and unique best-shoring capabilities.
We leverage a network of high value-adding affiliates in consulting and industrial excellence, and leading partners across multiple sectors to provide you with the most comprehensive services and solutions in an ever-changing environment.
Responsibilities:
- Perform penetration tests on web applications, following the OWASP Testing Guide and OWASP Top 10 methodology.
- Apply manual and automated security testing techniques.
- Analyze and validate critical vulnerabilities, including:
- SQL Injection
- Path Traversal
- Cross-Site Scripting (XSS)
- Broken Access Control
- Session Management Weaknesses
- Insecure Cryptography
- Privilege Escalation
- HTTP Header Injection / Response Splitting
- Evaluate key areas such as:
- Session management and authentication
- Permission control and client code security
- Parameter and data manipulation
- Error and exception handling
- Encryption and data protection
- Produce clear technical reports with actionable recommendations.
- Collaborate with developers and QA teams to mitigate vulnerabilities found.
- Minimum of 4 years of experience in similar roles
- Proven experience in Web Application Penetration Testing.
- In-depth knowledge of OWASP Top 10 and security methodologies.
- Proficiency in security testing tools (Burp Suite, OWASP ZAP, Kali Linux, etc.).
- Experience with manual vulnerability analysis, in addition to automated testing.
- Good knowledge of web protocols (HTTP/HTTPS) and header security.
- Analytical skills and attention to detail.
- Fluency in English (written and spoken).
- The candidate must already be residing in Portugal.