Application Security Penetration Tester
Fully remote – US Persons only
Full-time hire.
About the Role:
As an Application Security Penetration Tester, you will play a critical role in safeguarding our organization's digital assets by identifying and mitigating security vulnerabilities within our applications and systems. You will work closely with development teams, security engineers, and other stakeholders to ensure the security and resilience of our applications and services.
Key Responsibilities:
- Conduct in-depth security assessments: Perform manual and automated security testing of web applications, APIs, mobile applications, and cloud-based systems.
- Vulnerability Identification & Exploitation: Identify and exploit vulnerabilities such as SQL injection, cross-site scripting (XSS), and other OWASP Top 10 threats.
- Threat Modeling & Risk Assessment: Conduct threat modeling exercises and analyze security risks across the application lifecycle.
- Remediation Guidance: Provide detailed remediation recommendations and work with development teams to implement security fixes.
- Reporting & Documentation: Prepare comprehensive reports documenting test findings, vulnerabilities, and remediation plans.
- Stay Informed: Maintain a strong understanding of the latest security threats, vulnerabilities, and industry best practices.
- Collaborate: Work closely with development teams, security engineers, and other stakeholders to ensure the security of applications.
- Contribute to Security Initiatives: Participate in security initiatives, such as security awareness training and the development of secure coding guidelines.
Qualifications:
- Bachelor's degree in Computer Science, Information Security, or a related field.
- 5-10 years of hands-on experience in application security testing.
- Strong understanding of security principles and best practices, including OWASP Top 10 and SANS 25.
- Experience with security testing tools such as Burp Suite, Metasploit, Nmap, and AppScan.
- Proficiency in scripting languages (e.g., Python, Ruby, PowerShell).
- Experience with cloud technologies (e.g., AWS, Azure, GCP).
- Knowledge of web application technologies, including web servers (e.g., Apache, Nginx), databases, and operating systems (Windows, Linux).
- Strong analytical and problem-solving skills.
- Excellent communication and interpersonal skills.
- Ability to work independently and as part of a team.
Certifications (Preferred):
- CEH, CompTIA PenTest+, CSSLP, or other relevant security certifications.
- GIAC Application Security and/or Penetration Testing certifications.
Benefits:
- Competitive salary and benefits package
- Opportunities for professional development and growth
- Collaborative and supportive work environment
If you are a passionate and skilled security professional with a strong desire to make a significant impact, we encourage you to apply.