JOBSEARCHER

Test Engineer (Web API and Security)

"ALL our jobs are US based and candidates must be in the US with valid US Work Authorization. Please apply on our website directly."

Title: Test Engineer (Web API and Security)
Location: Seattle, WA (looking for nearby candidates, as F2F is required)
USC, GC, GC EAD W2 candidates; NO C2C

Responsibilities
- Perform security testing at various levels with a focus on manual methodologies.
- Conduct thorough security vulnerability testing across web and API layers.

Tools
- Limited tool usage: preference for manual techniques over extensive tool reliance.
- Proxy management tools: utilize tools like Burp Suite and Fiddler to manage traffic interception and assess vulnerabilities.
- Manual ethical hacking: capable of performing ethical hacking without automation, focusing on logic flaws, configuration issues, and manual exploitation.
- Traffic interception: ability to intercept traffic between browser and application, analyzing requests and responses for potential weaknesses.

Expertise
- Web Application Security: in-depth understanding of securing web applications, identifying security flaws, and addressing them effectively.
- API Testing: conduct security testing of APIs and services, ensuring data integrity and authorization controls.
- Threat Modeling: experience in threat modeling to anticipate security vulnerabilities in both application design and code.
- Code Reviews: perform manual code reviews to identify potential security risks before deployment.
- Application-Level Insight: capable of obtaining deep insights into the application layer, identifying security threats beyond surface-level vulnerabilities.

What Does He Mean By Manual Testing Approach
- Someone who can conduct security assessments in scenarios without dedicated tools (because the bank has limited tools and wants someone who can do things more manually), using manual techniques to probe for vulnerabilities.
- Ability to simulate attacks on web applications and APIs through hands-on techniques.

Deal Breaker
- Manual ethical hacking; hands-on web application security experience.
- Proven ability to perform manual ethical hacking and security testing without relying heavily on tools.
- Strong knowledge of proxy management tools like Burp Suite and Fiddler for web and API testing.
- Good with API security testing.
- Ability to intercept browser-application traffic and identify security flaws.
- Application-Level Security Insight: strong analytical skills to understand complex applications and their security requirements.