Penetration Tester || Hybrid-TX, PA, NC || Contact

Contract

Penetration Tester

Interview mode: Webcam

Duration: 12 Months

Location: First Choice is Dallas, TX, but can also consider Malvern & Charlotte (Hybrid, 3 days a week; must be onsite on Day 1)

 

Responsibilities:

•            Conduct assessments of web applications, mobile applications, databases, client-side applications and tools, and APIs.

•            Execute manual and automated code analysis to assess the quality and security of source code.

•            Perform pre-assessment research and preparation including reconnaissance, documentation and configuration review, and customer interviews.

•            Develop custom tools and exploits.

•            Analyze security findings, including risk analysis and root cause analysis.

•            Generate comprehensive reports, including detailed findings, exploitation procedures, and mitigations.

•            Develop and deliver walkthrough(s), proof(s) of concept (PoCs), articles, and formal presentations.

•            Execute verification and validation testing for customer mitigations and fixes.

 

Qualifications:

•            Experience in performing penetration testing on enterprise web applications, microservices, and mobile applications.

•            Familiarity with common web vulnerabilities including: XSS, XXE, SQL Injection, Deserialization Attacks, File Inclusion/Path Traversal Attacks, Server-side Request Forgery, Remote Execution Flaws, Server Configuration Flaws and Authentication Flaws.

•            Experience in testing web-based APIs (e.g. REST, SOAP, XML, JSON).

•            Experience in designing and documenting pragmatic remediation guidance for discovered vulnerabilities.

•            Experience developing actionable intelligence based on open source intelligence (OSINT) gathering.

•            Experience with 1 or more scripting languages such as Bash, Python, Perl, PowerShell, etc.

•            Solid understanding of OWASP testing methodology.

•            Familiarity with front-end web application frameworks (e.g. AngularJS, Bootstrap).

•            3+ years of experience using Burp Suite Pro or equivalent application (e.g. ZAP).

 

Additional Info:

•            Capable of working effectively and efficiently with minimal supervision.

•            Strong written and verbal English language skills.

 

Demonstrated ability to:

•            Adhere to the highest standards of honesty and scientific and business integrity.

•            Think critically about complex problems and situations.

•            Consider emerging web-based vulnerabilities and threats from within the context of organizational risk and business impact(s).

•            Develop novel attack vectors based on newly discovered vulnerabilities.

 

Preferences:

•            Web application development or source code review experience.

•            Strong knowledge of Windows and Linux operating systems.

•            Working knowledge of containerized applications and container-based security controls and configurations.

•            Possess current professional certification (i.e. GWAPT, OSCP, OSCE, GPEN)

 

Regards,

 

 

To apply for this job email your details to adarsh@maxitstaffing.com