• Location: USA, Washington, Bellevue
  • Date Posted: 4th Dec, 2018
  • Reference: 012042018


Penetration Tester (Application Security Tester)

Location: Bellevue, WA

Contract

Required Qualifications

  • Performs static/dynamic code testing, manual code inspection, threat modeling, design reviews and penetration testing of internal web applications and external partner applications to identify vulnerabilities and security defects.


  • Functional API Testing with Postman, Newman and BlazeMeter


  • Fortify Web Inspect (Expertise: Advanced, must be able to automate where possible)
  • Nessus
  • Nmap
  • Veracode
  • Burp Suite
  • ZED attack proxy
  • SCAP
  • Threat Modeling (e.g. STRIDE)
  • Must be very well versed with OWASP Top 10 vulnerabilities and must demonstrate to exploit such vulnerabilities in mobile, web and console applications.






Preferred Qualifications
  • Extensive experience developing in Java, Python, JavaScript (i.e. NodeJS, AngularJS), TypeScript variants (i.e. Angular 2+), and common scripting languages (i.e. Bash).
  • Deep experience working with XML and web services, including SOAP and REST.
  • Thorough understanding of coding concepts such as: authentication mechanisms, data serialization.
  • Thorough understanding of application architectures such as: n-tier, client and server/API, Postman, microservices, etc.
  • Supports the implementation and enforcement of secure design principles according to policies, standards, and patterns of Information Security.
  • Provide subject matter expertise and mentorship on architecture, authentication and system security.
  • Develops and implement manual and automated web application security testing of web applications to enforce security standards.
  • Works with security product vendors and service providers to evaluate their security offerings.
  • Must be familiar with the below Tool sets:
  • Understanding of both application and network layer security considerations and how to fix them such as: buffer overflow, ToC vs. ToU, input validation, encapsulation, insecure protocols, MITM attacks, SQLi, etc.
  • Ability to work well both independently as well as within a team.
  • Excellent verbal, written, and interpersonal communications skills.
  • Ability to handle several tasks, be organized, make decisions, and work efficiently/effectively under deadlines.




Qualifications

  • Bachelor of Science with 3+ years of experience in cybersecurity
  • CEH, CISSP/GIAC preferred
  • Hall of Fame - from Facebook, Google, Apple or any bug bounty programs.

Similar Jobs

Node.JS Technical Lead
USA, Washington, Bellevue

Microservices Architect
USA, Washington, Bellevue

Machine Learning Engineer
USA, Washington, Bellevue

Penetration Tester
USA, Washington, Bellevue