Penetration Tester (Web Application) – 100% Remote

  • Contract
  • Anywhere
Job Title: Penetration Tester (Web Application)
Location: 100% Remote (Must be able to work in PST hours)
Duration: 3+ months (This project gets renewed yearly, so it is a long term)
Contract Type: W2
 
What you’ll do:

  • Work as part of a team delivering application and network security assessments to our clients both remotely and on-site.
  • Perform web application penetration testing, code reviews, and/or network penetration testing.
  • Manage project tasks and deadlines on a multi time zone team.
  • Create unique tools to assist in project goals.
  • Exploit vulnerabilities found in client systems; and then clearly communicate complex vulnerabilities to both technical and non-technical client staff.
  • Create comprehensive technical reports explaining technical and business risk of the vulnerabilities found. This includes actionable recommendations/considerations for the client.
  • Participate in project conference calls with clients and on business development calls in support of sales activities.
  • Create and lead technical customer presentations.
  • Provide technical leadership/mentorship to the consulting team and to our clients on security topics.
  • Contribute to the security industry through presentations, whitepapers and/or research.

 
What you bring:

  • 5+ years of customer-facing consulting in the field of Penetration Testing of dynamic web applications. It is strongly desired that this experience includes development and/or code auditing.
  • Background in web application development and/or code auditing strongly preferred
  • Performance of secure code reviews (e.g. JC, Java, Python, JavaScript, Kotlin, Swift, Objective C)
  • Working knowledge with scripting languages (e.g. Python, Perl, PHP, Ruby)
  • Working knowledge with Programming language (e.g. C, Java, Python, JavaScript, Kotlin, Swift, Objective C)
  • Proficiency in Mac OS X, Linux, and/or other flavors of UNIX
  • Working knowledge in basic networking concepts (routing, ACL, load balancers, SSL/TLS, TCP) in order to provide application architecture feedback
  • Demonstrating high ethical standards
  • Applying sound security testing methodologies
  • Strong verbal & written communication skills

 
Required technical skills: 

  • Enterprise application penetration testing
  • Network penetration testing
  • Strong working knowledge of the OWASP Top 10 and CWE Top 25 vulnerabilities such as XXE, XXS, SQLi
  • Manually penetration testing of Network & Web application
    • Mobile application penetration testing (iOS and Android)
    • Web Services penetration testing (RESTful and SOAP)
    • Web Authentication protocols (e.g. OAuth2, SAML, LDAP)
  • As a senior security consultant, you have produced research papers, created/delivered presentations, and/or contributed to blogs/industry postings that establish you as an industry leader.
  • Passion for discovering and researching new vulnerabilities and exploitation techniques
  • Must be able to work and be available in the Pacific Standard Time Zone.

Interested candidates please send your latest resume to sarath@mindsource.com

To apply for this job please visit www2.jobdiva.com.