Web Application Security Tester

Web Application Security Tester

Job Locations

US-GA-Smryna

Job ID

2025-2014

Category

CyberSecurity

Type

Regular Full-Time

Clearance Required

Secret

Overview

Title : Web Application Security Tester

Location : Herndon, VA- Remote in States Foxhole is registered to do business

Clearance : Active DoD Secret

Foxhole Technology provides robust cybersecurity and IT support capabilities for federal civilian and defense agencies. A recognized leader in navigating technology and security challenges, Foxhole delivers mission-focused innovations to answer evolving and complex needs. Our talented employee-owners provide agile, scalable services and solutions that solve operational gaps, operate critical systems, and protect and secure the enterprise - across the organization and around the world.

Support the Web Application Security Program (WASP) mission to ensure that security is integrated systematically and comprehensively throughout the Software Development Life Cycle (SDLC).

Job Description

Perform security reviews of web application architectures, APIs, and supporting infrastructure.

• Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) using industry-standard tools.
• Conduct application spidering, fuzzing, and business logic abuse testing to identify vulnerabilities.
• Execute Web Application Penetration Testing against modern frameworks (e.g., React, Angular, Node.js, Django, Flask, .NET Core).
• Test APIs using REST and GraphQL fuzzing, schema validation, and security automation.
• Identify and validate vulnerabilities such as :
• OWASP Top 10
• Business Logic flaws
• API Security vulnerabilities (OWASP API Top 10)
• Authentication and authorization weaknesses
• Deserialization and injection flaws
• Conduct manual exploit validation beyond automated tool output to reduce false positives.
• Develop and maintain test automation scripts using frameworks like Burp Suite Extender API, ZAP scripting, and custom Python tools.
• Integrate security testing into CI / CD pipelines using GitLab CI, GitHub Actions, Jenkins, or Azure DevOps.
• Utilize SCA (Software Composition Analysis) tools to identify vulnerable dependencies (e.g., Snyk, Dependency-Check, Black Duck).
• Implement the Common Weakness Scoring System (CWSS) and assist in Common Vulnerability Scoring System (CVSS) ratings for prioritization.
• Generate technical reports and provide remediation guidance to developers, system owners, and ISSOs.
• Provide monthly and annual program metrics including trends in vulnerability classes, remediation timelines, and residual risk.

Minimum Requirements

Required Tools & Hands-On Skills

Web Security Testing & Automation : Burp Suite Pro, OWASP ZAP, Postman, Fiddler, mitmproxy.

Desired Experience / Certifications

More Information

Requirements of position : Think analytically, effective verbal and written communication skills, make decisions, observe / remember details, interpret data, concentrate on tasks, adjust to change, handle stress / emotions. Regular attendance, maintain work schedule, attend meetings, meet deadlines, keyboard / type, handle confidential information, use math / calculations, stay organized, operate office equipment, may direct others. May be exposed to dust / dirt, humidity, and noise.

Foxhole Technology is an Equal Opportunity Employer and makes hiring decisions without regard to race, color, religion, sex (including pregnancy, childbirth and sexual orientation), national origin, age, disability, genetic information, military / veteran status, or any other protected class.

Need help finding the right job?

We can recommend jobs specifically for you!

Click here to get started.