Application Security Engineer

Confidential company is seeking a Manual Web Application Penetration Tester to perform manual application penetration testing. The role involves evaluating application business logic, conducting threat modeling, and engaging with both technical and non-technical audiences to articulate testing processes and results.

Responsibilities:

• Perform manual Application penetration testing against API’s (REST/SOAP), Web Applications, Mobile applications, and thick client applications
• Perform threat modeling, evaluate application business logic, and perform application architecture reviews
• Ability to demonstrate application testing experience in real time via demos to both internal and external audiences
• Ability to perform objective based, abstract penetration testing engagements
• Ability to develop and exploit POCs
• Act independently in penetration testing engagements, with minimal oversight and guidance
• Engage with technical and non-technical audiences to articulate both testing processes, techniques and results; guide technical audiences on remediation options and assist clients in weighing those options

Requirements:

• Minimum 5 years of recent experience in application penetration testing of API's, web applications and mobile applications
• Ability to communicate reporting results with technical and non-technical audiences and lead remediation conversations
• Experience with burp suite pro, and other app testing tools such as Netsparker
• Bachelor's degree from an accredited college/university or equivalent industry experience
• Manual penetration testing
• Web application testing
• API testing
• REST / SOAP
• Burp Suite Pro
• OWASP Top 10
• Business logic testing
• Threat modeling
• POC development
• Burp Suite
• Netsparker
• OWASP ZAP
• Postman (for API testing)
• One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSWE, OSWA
• OSWE
• OSWA
• GWAPT
• CREST