• Location: USA, Washington, Bellevue
  • Date Posted: 18th Dec, 2018
  • Reference: 121820180


Penetration Tester (Application Security Tester)

Location: Bellevue, WA

Contract

Required Qualifications

  • Performs static/dynamic code testing, manual code inspection, threat modeling, design reviews and penetration testing of internal web applications and external partner applications to identify vulnerabilities and security defects.
  • Functional API testing with Postman, Newman and BlazeMeter
  • Fortify WebInspect (Expertise: Advanced, must be able to automate where possible)
  • Nessus
  • Nmap
  • Veracode
  • Burp Suite
  • OWASP Zed Attack Proxy (ZAP)
  • SCAP
  • Threat modeling (e.g. STRIDE)
  • Must be very well versed in the OWASP Top 10 vulnerabilities and must be able to demonstrate exploitation of such vulnerabilities in mobile, web and console applications.

Preferred Qualifications
  • Extensive experience developing in Java, Python, JavaScript (e.g. NodeJS, AngularJS), TypeScript variants (e.g. Angular 2+), and common scripting languages (e.g. Bash).
  • Deep experience working with XML and web services, including SOAP and REST.
  • Thorough understanding of coding concepts such as: authentication mechanisms, data serialization.
  • Thorough understanding of application architectures such as: n-tier, client and server/API, Postman, microservices, etc.
  • Supports the implementation and enforcement of secure design principles according to policies, standards, and patterns of Information Security.
  • Provide subject matter expertise and mentorship on architecture, authentication and system security.
  • Develops and implements manual and automated security testing of web applications to enforce security standards.
  • Works with security product vendors and service providers to evaluate their security offerings.
  • Must be familiar with the below tool sets:
  • Understanding of both application- and network-layer security issues and how to fix them, such as: buffer overflows, TOCTOU (time-of-check to time-of-use) races, input validation, encapsulation, insecure protocols, MITM attacks, SQLi, etc.
  • Ability to work well both independently as well as within a team.
  • Excellent verbal, written, and interpersonal communications skills.
  • Ability to handle several tasks, be organized, make decisions, and work efficiently/effectively under deadlines.

Qualifications

  • Bachelor of Science with 3+ years of experience in cybersecurity
  • CEH, CISSP/GIAC preferred
  • Hall of Fame recognition from Facebook, Google, Apple or any bug bounty program.