Penetration Tester
Interview mode: Webcam
Duration: 12 Months
Location: First Choice is Dallas, TX, but can also consider Malvern & Charlotte (Hybrid, 3 days a week; must be onsite on Day 1)
Responsibilities:
• Conduct assessments of web applications, mobile applications, databases, client-side applications and tools, and APIs.
• Execute manual and automated code analysis to assess the quality and security of source code.
• Perform pre-assessment research and preparation including reconnaissance, documentation and configuration review, and customer interviews.
• Develop custom tools and exploits.
• Analyze security findings, including risk analysis and root cause analysis.
• Generate comprehensive reports, including detailed findings, exploitation procedures, and mitigations.
• Develop and deliver walkthrough(s), proof(s) of concept (PoCs), articles, and formal presentations.
• Execute verification and validation testing for customer mitigations and fixes.
Qualifications:
• Experience in performing penetration testing on enterprise web applications, microservice and mobile applications.
• Familiarity with common web vulnerabilities including: XSS, XXE, SQL Injection, Deserialization Attacks, File Inclusion/Path Traversal Attacks, Server-side Request Forgery, Remote Execution Flaws, Server Configuration Flaws and Authentication Flaws.
• Experience in testing web-based APIs (i.e. REST, SOAP, XML, JSON).
• Experience in designing and documenting pragmatic remediation guidance for discovered vulnerabilities.
• Experience developing actionable intelligence based on open source intelligence (OSINT) gathering.
• Experience with 1 or more scripting languages such as Bash, Python, Perl, PowerShell, etc.
• Solid understanding of OWASP testing methodology.
• Familiarity with front-end web application frameworks (e.g. AngularJS, Bootstrap).
• 3+ years of experience using Burp Suite Pro or equivalent application (e.g. ZAP).
Additional Info:
• Capable of working effectively and efficiently with minimal supervision.
• Strong written and verbal English language skills.
Demonstrated ability to:
• Adhere to the highest standards of honesty and scientific and business integrity.
• Think critically about complex problems and situations.
• Consider emerging web-based vulnerabilities and threats from within the context of organizational risk and business impact(s).
• Develop novel attack vectors based on newly discovered vulnerabilities.
Preferences:
• Web application development or source code review experience.
• Strong knowledge of Windows and Linux operating systems.
• Working knowledge of containerized applications and container-based security controls and configurations.
• Possess current professional certification (i.e. GWAPT, OSCP, OSCE, GPEN).
Regards,
Adarsh Sharma
Senior Technical Recruiter
A: 25 Oak Tavern Cir, Branchburg, New Jersey – 08876