Penetration Tester

• Work as part of a team delivering application and network security assessments to our clients.
  
• Perform web application and API penetration testing and Cloud Security Audits.
  
• Exploit vulnerabilities found in client systems; and then clearly communicate complex vulnerabilities to both technical and nontechnical client staff.
  
• Create comprehensive technical reports explaining the technical and business risk of the vulnerabilities found. This includes actionable recommendations/ considerations for the client.
  
• Participated in project conference calls with clients and on business development calls in support of sales activities.
  

Requirements

• Bachelors degree in computer science Engineering. Masters will be preferred.
  
• Three plus years of customerfacing consulting in Penetration Testing of dynamic web applications.
  
• It is strongly desired that this experience includes development and/or code auditing.
  

• Experience manually testing web applications and APIs.
  
• Background in web application development and or code auditing strongly preferred.
  
• Experience with AWS Cloud Audit Serverless and Microservice Architecture is a must.
  
• Working knowledge with scripting languages (e.g. Python Perl PHP Ruby)
  
• Working knowledge in basic networking concepts (routing ACL load balancers SSL/TLS TCP) to provide application architecture feedback.
  
• General understanding of AWS services (such as EC2 S3 KMS RDS) and security best practices relevant to those services
  
• Manual Java Code Review skills
  
• Passion for discovering and researching new vulnerabilities and exploitation techniques.
  
• Demonstrating high ethical standards
  
• Applying sound security testing methodologies
  
• Strong verbal & written communication skills
  

• Enterprise application penetration testing
  
• Strong working knowledge of the OWASP Top 10 and CWE Top 25 vulnerabilities such as XXE XXS SQLi
  
• Manually penetration testing of Network & Web application Mobile application penetration testing (iOS and Android)
  
• Web Services penetration testing (RESTful and SOAP) Web Authentication protocols (e.g. OAuth2 SAML LDAP)