Application Penetration Tester

Candidates that are fake or misrepresenting themselves are a major problem for our clients.

Please provide the candidate's personal email address (NOT the one they use for the job search) and personal phone number (NOT a Google voice number or other VOIP number).

If a candidate doesn't pass an identity check they will not be considered.

Details Needed for Submission:

Full Name:

Work Authorization

Rate:

Current Location:

PERSONAL Phone Number: This is critical to pass the identity check

PERSONAL Email: This is critical to pass the identity check

University or College:

Notice needed to start:

Vaccination status:

LINKED-IN:

Industry: Financial

Location: Dallas, TX is preferred. Client will also consider Malvern, PA and Charlotte, NC.

Hybrid: 3 days on-site, 2 days remote per week

Length: 1 year +

Rate: Up to $63/H Corp (ABSOLUTE MAX)

Interview Process: 2 steps

Start/On-boarding Process:

Once offer is made they will do a background check (they run) that includes:

- 10 years background

- Drug test

- Finger Printing

* Timeline is 2-3 weeks from offer to start based on background process

Work Authorizations Accepted: H1B, EAD, OPT, TN visas, Citizens and Greencard holders

REQUIREMENTS

*Solid experience with Application Penetration Testing

• Well-versed in threat modeling concepts including tooling associated with it
• Able to communicate vulnerabilities in terms of risk and potential mitigations.
• Firm understanding of DevSecOps / Pipeline scanning technologies.
• Need to have hands-on manual web/application/api penetration testing
• In depth understanding of all OWASP Top 10 vulnerabilities and associated OWASP Web Security Testing Guide

WHAT THEY DON'T WANT

1. DevSecOps security scanning tools with some knowledge on manual testing techniques (not what we need).
2. Hands on experience network penetration testing with very limited app testing (not what we need).

JOB DESCRIPTION

Day to day:

* Conduct assessments of web applications, mobile applications, databases, client-side applications and tools, and APIs.

* Execute manual and automated code analysis to assess the quality and security of source code.

* Perform pre-assessment research and preparation including reconnaissance, documentation and configuration review, and customer interviews.

* Develop custom tools and exploits.

* Analyze security findings, including risk analysis and root cause analysis.

* Generate comprehensive reports, including detailed findings, exploitation procedures, and mitigations.

* Develop and deliver walkthrough(s), proof(s) of concept (PoCs), articles, and formal presentations.

* Execute verification and validation testing for customer mitigations and fixes