Penetration Tester (Java Application Security)

Project Overview

The client is seeking an experienced Penetration Tester specializing in Java application security. The role focuses on identifying exploiting and remediating vulnerabilities in large-scale enterprise applications to strengthen overall cybersecurity posture. The consultant will work closely with development and testing teams to integrate security practices into the software development lifecycle.

Key Responsibilities

• Perform penetration testing and vulnerability assessments on Java applications and infrastructure
• Identify and analyze security vulnerabilities using both automated and manual techniques
• Develop and execute custom exploits to simulate real-world attack scenarios
• Collaborate with development teams to assess application architecture and detect security gaps early
• Partner with QA teams to integrate security into manual and automated testing processes
• Provide recommendations for secure coding practices and vulnerability remediation
• Stay current with Java security threats NIST CVEs and industry best practices
• Support secure SDLC improvements and security governance initiatives
• Assist in incident response related to Java application vulnerabilities
• Document findings with detailed risk assessments and remediation strategies
• Communicate technical findings to both technical and non-technical stakeholders
• Contribute to security policies and standards for application development
• Analyze URLs query parameters browser data tokens and caching mechanisms for vulnerabilities
• Evaluate production vs. non-production environments for security risks
• Apply frameworks such as MITRE ATT&CK in security assessments

Required Qualifications

• Bachelors degree in Computer Science Information Security or related field
• Minimum 6 years of experience in Development and Security (DevSec) roles
• Strong background in Java programming and secure coding practices
• Experience with penetration testing and ethical hacking focused on Java applications
• Prior experience working on large-scale enterprise applications
• Proficiency in web application security standards (e.g. OWASP)
• Knowledge of common vulnerabilities such as SQL Injection and Cross-Site Scripting (XSS)
• Hands-on experience with tools such as Burp Suite and Metasploit
• Familiarity with Fortify on Demand (SAST/DAST tools)
• Strong understanding of cryptography and secure protocols (SSL/TLS)

Technical & Soft Skills

Technical Skills:

• Core Java development and security testing
• Web application security and vulnerability assessment
• Secure code review and exploit development
• Scripting (preferred: Python Bash)
• API and browser-based security testing
• Knowledge of cloud and mobile security testing (preferred)

Soft Skills:

• Strong analytical and problem-solving ability
• Clear communication with cross-functional teams
• Ability to explain technical risks to non-technical stakeholders
• High level of integrity and confidentiality