A confidential company is seeking a Manual Web Application Penetration Tester to perform hands-on application penetration testing. The role involves evaluating application business logic, conducting threat modeling, and engaging with both technical and non-technical audiences to explain testing processes and results.
Responsibilities:
- Perform manual application penetration testing against APIs (REST/SOAP), web applications, mobile applications, and thick-client applications
- Perform threat modeling, evaluate application business logic, and perform application architecture reviews
- Demonstrate application testing techniques in real time via live demos to both internal and external audiences
- Perform objective-based, open-ended penetration testing engagements
- Develop proof-of-concept (PoC) exploits that demonstrate the real-world impact of findings
- Act independently in penetration testing engagements, with minimal oversight and guidance
- Engage with technical and non-technical audiences to explain testing processes, techniques, and results; guide technical audiences on remediation options and help clients weigh those options
Requirements:
- Minimum of 5 years of recent experience in penetration testing of APIs, web applications, and mobile applications
- Ability to communicate findings to technical and non-technical audiences and lead remediation conversations
- Experience with Burp Suite Pro and other application testing tools such as Netsparker
- Bachelor's degree from an accredited college/university or equivalent industry experience
Skills and tools:
- Manual penetration testing
- Web application testing
- API testing (REST / SOAP)
- OWASP Top 10
- Business logic testing
- Threat modeling
- PoC development
- Burp Suite Pro
- Netsparker
- OWASP ZAP
- Postman (for API testing)
Certifications:
- One or more major ethical hacking certifications preferred but not required: GWAPT, CREST, OSWE, OSWA