Application Penetration Tester

Job Details

As an Application Security Penetration Tester, you will be entrusted with the critical responsibility of safeguarding web applications and REST APIs from potential threats. Your role will require a deep understanding of the OWASP Top 10 and SANS 25, as these frameworks will guide your efforts in identifying and mitigating security vulnerabilities.

Your daily tasks will involve performing thorough security assessments of third-party libraries, analyzing dependencies, and conducting both automated and manual code reviews. You will be adept at uncovering a range of security issues, including Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS), SQL Injection, and Privilege Escalation, and you will not only identify these vulnerabilities but also provide actionable recommendations for remediation. Mastery of tools like BurpSuite is essential, as it will be your primary instrument in executing dynamic and penetration security testing. Furthermore, you will be expected to write comprehensive reports that detail your findings and suggest enhancements to bolster system security.

In this role, you will also serve as a pivotal bridge between development teams and stakeholders, ensuring that security requirements are clearly communicated and understood. Your ability to define, maintain, and enforce application security best practices will be crucial in maintaining the integrity of the software development lifecycle. You will be involved in software security architecture and design reviews, ensuring that security is integrated from the ground up. Familiarity with Continuous Integration and Continuous Deployment (CI/CD) is necessary, as you will be responsible for integrating and automating security tools within DevOps processes.

Required Skills:

• Serve as a liaison between development teams and stakeholders to understand and formulate security requirements.
• Define, maintain, and enforce application security best practices.
• Deep understanding of OWASP Top 10, SANS 25
• Perform third-party libraries security assessment and dependency analysis.
• Conduct vulnerability assessment and manual/automated code review of Java and Scala applications to find security vulnerabilities (CSRF, XSS, SQL Injection, Privilege Escalation, etc.) and recommend remediation.
• Analyze scan reports from varied tools (SAST, DAST and SCA) to identify the issues, interpretate, and provide recommendation to remediate the vulnerabilities across a variety of applications, programming languages, and platforms
• Conduct static, dynamic and penetration security testing of Web Applications and REST APIs.
• Performs software security architecture and design reviews.
• Write comprehensive reports including assessment-based findings, outcomes, and propositions for further system security enhancement.
• Identify and demonstrate vulnerabilities to application owners and recommend remediation for security vulnerabilities.
• Knowledge of scripting language to integrate and automate security tools within DevOps CI/CD processes.

Required Experience :

• 3 years of experience in Secure Code Review, specifically with languages such as Scala, Java, JavaScript and Spring Framework
• 3 years of practical experience with Static Analysis Security Testing (SAST) and Dynamic Analysis Security Testing (DAST),
• 3+ years of hands-on experience with manual penetration testing of Web Applications and REST APIs using BurpSuite Pro and Postman/Bruno
• Deep understanding of Secure Coding best practices and DevSecOps principles
• Proficiency of OWASP Top 10 and SANS 25 standards and testing guidelines
• Knowledge of Continuous Integration and Continuous Deployment (CI/CD), AWS Security principles, Jenkins and GitHub

Desired Certification : GPEN, GWAPT, OSCP, or CompTIA PenTest+

#cjpost

Job Requirements:

• Execute test cases and test scripts
• Develop test scenarios, test cases, and test scripts
• Develop test scenarios/test cases and test scripts
• Writing test cases and linking test cases to test requirements
• Developing test plans and test cases
• Create test artifacts and test software
• Maintain test cases and test data
• Implement testing plans and test cases and present testing results
• Execute the test cases and conduct regression testing
• Develop test plans, test strategy, and test cases
• Develop scripts for regression testing
• Developing systems test plans, test cases and/or test procedures
• Maintain test cases in proper testing tools
• Optimize test scripts using standard test automation tools
• Discovered while testing using test management software tool
• Develop test plans/procedures for software integration test conduct
• Develop thorough test plans, test specifications, test cases and/or test scripts for each software release based on defined testing standards
• Maintain manual and automated test scripts for software
• Manage and execute testing for all test cases
• Creating and executing regression testing, test plans