Job Title:- Senior Security and Vulnerability Tester (Liferay Portal)
Location:- Austin, TX (Onsite)
Duration:- Contract
Job Description
Below are five key testing skills needed for this role. Please prioritize these:
1. Vulnerability Scanning
2. Penetration Testing (Pen Testing)
3. Static Application Security Testing (SAST)
4. Dynamic Application Security Testing (DAST)
5. API Security Testing
Job Summary: We are seeking an experienced Senior Security and Vulnerability Tester specializing in Liferay Portal to join our team. The ideal candidate will be responsible for ensuring the security of our Liferay Portal through rigorous security testing, vulnerability assessments, and penetration testing. This role requires deep knowledge of application security, vulnerability scanning, and the ability to identify, analyze, and mitigate security risks in a Liferay-based environment.
Key Responsibilities:
1. Vulnerability Scanning: Conduct regular vulnerability scans using tools like Nessus, InsightVM and Qualys to identify security flaws in Liferay and its supporting infrastructure. Analyze scan results and collaborate with development teams to patch and resolve identified vulnerabilities.
2. Penetration Testing: Perform comprehensive penetration testing on the Liferay Portal to uncover vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF). Utilize tools such as Burp Suite, Metasploit, and OWASP ZAP to simulate real-world attacks and assess system resilience.
3. Static Application Security Testing (SAST): Review the source code of Liferay components and custom modules using tools like SonarQube, Checkmarx, and Fortify to identify insecure coding practices. Provide recommendations for improving code security and conduct regular audits of newly developed code.
4. Dynamic Application Security Testing (DAST): Perform dynamic application security testing to identify runtime vulnerabilities in the Liferay Portal using tools like OWASP ZAP, Netsparker, or Acunetix. Validate the effectiveness of security controls in real time and recommend remediation strategies.
5. API Security Testing: Assess the security of APIs integrated with the Liferay Portal for authentication, authorization, and data exposure vulnerabilities. Use tools like Postman, Burp Suite, or OWASP API Security Testing Guide to evaluate API endpoints for common vulnerabilities such as broken authentication and insecure direct object references.
6. Configuration Auditing: Perform security configuration audits of the Liferay portal and server environment, ensuring compliance with industry best practices (SSL/TLS, role-based access control, etc.). Identify and mitigate security misconfigurations that could expose the portal to potential attacks.
7. Cross-Site Scripting (XSS) and Injection Testing: Perform specialized testing to detect XSS, SQL Injection, and other injection vulnerabilities in the portal. Work closely with development teams to ensure proper input validation and security mechanisms are in place.
Required Skills and Experience:
- 5+ years of experience in application security testing, including vulnerability assessments and penetration testing.
- Hands-on experience with Liferay Portal security testing.
- Proficiency in vulnerability scanning tools such as Nessus, OpenVAS, or Qualys.
- Strong knowledge of Penetration Testing tools like Burp Suite, OWASP ZAP, Metasploit, and Kali Linux.
- Expertise in Static Application Security Testing (SAST) using tools like SonarQube, Fortify, or Checkmarx.