Web Application Penetration Tester

Job Description

We are excited to share a highly rewarding and hands-on opportunity for a skilled and experienced Web App Penetration Tester to join our Technical Consulting Team. As part of our team, you will be responsible for conducting penetration tests, vulnerability assessments, and reporting findings to help detect legacy and bleeding-edge security vulnerabilities in enterprise environments.

You should have a firm grasp of networking, system administration, and web application security. The ability to think outside the box and go beyond conventional attack paths and exploits is highly valued by our team.
As part of this team, the successful application will have oversight and responsibility over assigned Penetration Testing engagements, Web Application Penetration Tests, SilverSky’s Penetration Testing as a Service (PTaaS) offering, as well as SilverSky’s Continuous Validation and Red Teaming services.
This will be a remote position for the ideal candidate.

Penetration Tester Essential Duties and Responsibilities: (Additional duties may be assigned as required)

• Scope and perform a variety of penetration tests, specializing in Web Applications.
• Perform API testing, Mobile App testing, and Source Code Reviews.
• Keep cybersecurity training and knowledge current by monitoring the latest security threats and vulnerabilities.
• Write clear and concise penetration testing reports detailing findings and recommendations for remediation of identified vulnerabilities and perform debriefs with customers.
• Coordinate and lead client kick-off and discovery sessions to answer questions from prospects and clients.
• Work collaboratively and independently with teammates to provide professional services to our clients.
• Use offensive security expertise to research relevant tactics, techniques, and procedures for assessing and validating weaknesses in various infrastructure and technologies including cloud technologies.
• Develop and Automate testing tools.
• Identify and provide improvements on existing services, including continuous improvement of existing methodologies, tools and reports.
• Serve as a mentor to other Penetration testers and support them in their work.
• Assist in pre-sales efforts as a penetration testing subject-matter expert.

Essential Skills / Experience:

• Minimum 3+ years’ experience as a penetration tester. Web application testing and API testing experience is desirable.
• Relevant web application security qualifications (OSWA, OSWE, GWAPT etc.).
• Strong experience with web application pen testing methodologies, such as OWASP’s WSTG.
• Strong experience with web application pen testing toolsets, such as Burp Suite.
• Strong experience in identifying and exploiting web application vulnerabilities.
• Strong experience in at least one development and one scripting language.
• Knowledge of various operating systems and networks, especially experience with Linux, Windows, and Active Directory is desirable.
• Strong communication and report-writing skills in English.

Preferred Skills:

• Experience in a consulting role.
• Experience in network penetration testing including Active Directory environments.

To perform this job successfully, the ideal candidate must be able to perform each essential duty satisfactorily.