Employer Active
Preferences
Web application development or source code review experience.
Strong knowledge of Windows and Linux operating systems.
Working knowledge of containerized applications and containerbased security controls and configurations.
Possess current professional certification (i.e. GWAPT OSCP OSCE GPEN)
Prefer Dallas Location as a first choice however can also be Charlotte or Malvern
Responsibilities
Conduct assessments of web applications mobile applications databases clientside applications and tools and APIs.
Execute manual and automated code analysis to assess the quality and security of source code.
Perform preassessment research and preparation including reconnaissance documentation and configuration review and customer interviews.
Develop custom tools and exploits.
Analyze security findings including risk analysis and root cause analysis.
Generate comprehensive reports including detailed findings exploitation procedures and mitigations.
Develop and deliver walkthrough(s) proof(s) of concept (PoCs) articles and formal presentations.
Execute verification and validation testing for customer mitigations and fixes.
Qualifications
Experience in performing penetration testing on enterprise web applications microservice and mobile applications.
Familiarity with common web vulnerabilities including: XSS XXE SQL Injection Deserialization Attacks File Inclusion/Path Traversal Attacks Serverside Request Forgery Remote Execution Flaws Server Configuration Flaws and Authentication Flaws.
Experience in testing webbased APIs (i.e. REST SOAP XML JSON).
Experience in designing and documenting pragmatic remediation guidance for discovered vulnerabilities.
Experience developing actionable intelligence based on opensource intelligence (OSINT) gathering.
Experience with 1 or more scripting languages such as Bash Python Perl PowerShell etc.
Solid understanding of OWASP testing methodology.
Familiarity with frontend web application frameworks (i.e. AngularJS Bootstrap etc.).
3 years of experience using Burp Suite Pro or equivalent application (e.g. ZAP
Full Time