Penetration Tester

Project Overview

The client is seeking an experienced Penetration Tester with strong expertise in Java application security to support large-scale enterprise applications. The role focuses on identifying testing exploiting and helping remediate vulnerabilities across Java-based applications and infrastructure environments.

The ideal candidate will have a strong background in both software engineering and DevSecOps/security testing with hands-on experience performing penetration testing vulnerability assessments secure code reviews and application security analysis.

Key Responsibilities

• Conduct penetration testing and vulnerability assessments for Java applications and supporting infrastructure.
• Identify security vulnerabilities in Java code using both manual and automated testing techniques.
• Develop and execute custom exploits to simulate real-world attacker behavior.
• Collaborate with development teams to understand application architecture and identify security risks early in the SDLC.
• Work closely with QA and testing teams to support both manual and automated security testing efforts.
• Provide recommendations for secure coding practices and vulnerability remediation.
• Stay current with emerging Java security threats vulnerabilities and industry best practices.
• Support the improvement of secure software development lifecycle (SDLC) processes.
• Assist in responding to security incidents involving Java vulnerabilities and published NIST CVEs.
• Prepare detailed security assessment reports including technical findings risk analysis and remediation recommendations.
• Communicate security findings effectively to both technical and non-technical stakeholders.
• Contribute to the development of security standards and policies related to Java development and deployment.
• Analyze URLs query parameters browser data tokens cache behavior and production vs. non-production environments for potential penetration paths.
• Apply knowledge of the MITRE ATT&CK Framework during security assessments.

Required Qualifications

• Bachelors degree in Computer Science Information Security Software Engineering or a related field.
• Minimum 6 years of experience in Development and/or Security roles.
• Prior experience in DevSecOps or application security within large-scale enterprise environments.
• Strong hands-on experience with Core Java development.
• Experience performing penetration testing and ethical hacking focused on Java applications.
• Strong understanding of web application security principles and OWASP standards.
• Knowledge of common web vulnerabilities including SQL Injection Cross-Site Scripting (XSS) and related exploit techniques.
• Experience using penetration testing tools such as Burp Suite and Metasploit.
• Familiarity with Fortify on Demand SAST and DAST tools.
• Understanding of cryptography and secure communication protocols such as SSL/TLS.
• Strong analytical troubleshooting and problem-solving skills.
• Excellent written and verbal communication skills.
• High ethical standards and ability to handle confidential information.

Technical & Soft Skills

Technical Skills

• Core Java
• Penetration Testing
• Ethical Hacking
• Application Security
• DevSecOps
• OWASP Security Standards
• Burp Suite
• Metasploit
• Fortify on Demand (SAST/DAST)
• SQL Injection & XSS Testing
• Cryptography
• SSL/TLS
• MITRE ATT&CK Framework
• API Testing
• Secure Code Review
• Vulnerability Assessment
• SDLC Security Integration

Preferred Skills

• Security certifications such as OSCP GWAPT GXPN GPEN LPT CEH CISSP or equivalent
• Python or Bash scripting
• Cloud security testing
• Mobile application penetration testing
• Knowledge of HIPAA compliance requirements

Soft Skills

• Strong communication and documentation skills
• Collaboration with cross-functional teams
• Critical thinking and analytical mindset
• Attention to detail
• Professional integrity and confidentiality