Senior Web Application Penetration Tester - Remote

Overview

We are seeking a Senior Web Application Penetration Tester to join our growing team. As a Senior Web Application Penetration Tester, you will be challenged to perform endpoint discovery, open source research, web application enumeration, and novel vulnerability analysis/exploitation. This is much more than Burp scans; operators routinely develop custom tooling (in languages such as PHP, Java, and Python) and achieve a deep understanding of target infrastructure/technology in exploitation paths. The assessments are usually a long haul and great for advanced bug bounty hunters who enjoy getting deep in the weeds. Some cloud/Active Directory experience is a plus for post exploitation activities.

In Short

• Conduct assessments of web applications, mobile applications, databases, client-side applications and tools, and APIs.
• Collaborate with team members and clients to define project scopes, business cases, review test results, and determine remediation steps.
• Analyze security findings, including risk analysis and root cause analysis.
• Draft reports and communicate complex security concepts and test findings to clients and stakeholders.
• Participate in client meetings, communicate clearly and openly on incremental progress, and inform the team of any help needed on impediments and roadblocks.
• Generate comprehensive reports, including detailed findings, exploitation procedures, and mitigation.

Requirements

• Ability to participate in cybersecurity control testing engagements for the customer's network, websites, apps and cloud technologies.
• OSCP, OSWA, OSWE, CRTO, CBBH, GWAPT, or other relevant, hands-on certification
• Must have experience in web application penetration testing.
• Knowledge of FISMA and NIST 800 series standards.
• Experience in network mapping, vulnerability scanning, and penetration and web application testing.
• Experience using approved test protocols and procedures to conduct network and application-level penetration tests.
• Experience attending client meetings, recording internal and technical client interviews and preserving the contents of reports and memoranda.
• Proficiency in using scanning tools like Nessus and NMap, as well as penetration tools like the Kali Linux suite, Burpsuite and Metasploit.
• Must be willing to travel as needed.
• Must be able to obtain Secret Clearance.
• Experience in script writing and crafting of payloads.

Benefits

• Competitive salary
• Employer-paid health insurance premiums (medical, dental, vision)
• Employer-paid short/long term disability insurance and basic life/AD&D insurance
• 401K with a 4% employer contribution
• Professional development reimbursement options available (training, certification, education, etc)
• Flexible and remote work policies for most positions
• Paid Time Off (PTO) at a rate of three (3) weeks plus one (1) day per year of service up to four (4) weeks annually
• 11 paid holidays per calendar year