Application Penetration Tester

As an Application Security Penetration Tester, you will be entrusted with the critical responsibility of safeguarding web applications and REST APIs from potential threats. Your role will require a deep understanding of the OWASP Top 10 and SANS 25, as these frameworks will guide your efforts in identifying and mitigating security vulnerabilities.

Your daily tasks will involve performing thorough security assessments of third-party libraries, analyzing dependencies, and conducting both automated and manual code reviews. You will be adept at uncovering a range of security issues, including Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS), SQL Injection, and Privilege Escalation, and you will not only identify these vulnerabilities but also provide actionable recommendations for remediation. Mastery of tools like BurpSuite is essential, as it will be your primary instrument in executing dynamic and penetration security testing. Furthermore, you will be expected to write comprehensive reports that detail your findings and suggest enhancements to bolster system security.

In this role, you will also serve as a pivotal bridge between development teams and stakeholders, ensuring that security requirements are clearly communicated and understood. Your ability to define, maintain, and enforce application security best practices will be crucial in maintaining the integrity of the software development lifecycle. You will be involved in software security architecture and design reviews, ensuring that security is integrated from the ground up. Familiarity with Continuous Integration and Continuous Deployment (CI / CD) is necessary, as you will be responsible for integrating and automating security tools within DevOps processes.

Required Skills :

Serve as a liaison between development teams and stakeholders to understand and formulate security requirements.

Define, maintain, and enforce application security best practices.

Deep understanding of OWASP Top 10, SANS 25

Perform third-party libraries security assessment and dependency analysis.

Conduct vulnerability assessment and manual / automated code review of Java and Scala applications to find security vulnerabilities (CSRF, XSS, SQL Injection, Privilege Escalation, etc.) and recommend remediation.

Analyze scan reports from varied tools (SAST, DAST and SCA) to identify the issues, interpretate, and provide recommendation to remediate the vulnerabilities across a variety of applications, programming languages, and platforms

Conduct static, dynamic and penetration security testing of Web Applications and REST APIs.

Performs software security architecture and design reviews.

Write comprehensive reports including assessment-based findings, outcomes, and propositions for further system security enhancement.

Identify and demonstrate vulnerabilities to application owners and recommend remediation for security vulnerabilities.

Knowledge of scripting language to integrate and automate security tools within DevOps CI / CD processes.

Required Experience :

3 years of experience in Secure Code Review, specifically with languages such as Scala, Java, JavaScript and Spring Framework

3 years of practical experience with Static Analysis Security Testing (SAST) and Dynamic Analysis Security Testing (DAST),

3+ years of hands-on experience with manual penetration testing of Web Applications and REST APIs using BurpSuite Pro and Postman / Bruno

Deep understanding of Secure Coding best practices and DevSecOps principles

Proficiency of OWASP Top 10 and SANS 25 standards and testing guidelines

Knowledge of Continuous Integration and Continuous Deployment (CI / CD), AWS Security principles, Jenkins and GitHub

Desired Certification : GPEN, GWAPT, OSCP, or CompTIA PenTest+

#cjpost