Web Application Penetration Tester

Overview

On Site
Depends on Experience
Contract - W2

Skills

Penetration Testing
OWASP
Java
Spring
Oracle

Job Details

Job ID: CR286

Position: : Web Application Penetration Tester

Location: Pleasanton, CA 94588-Hybrid

Duration: 12+ months Contract

Note: Location-Looking for a local candidate who can be in the Pleasanton office as needed

Job Description:

The Web Application Penetration Tester will perform the manual penetration testing of mission critical web application to discover vulnerabilities and propose remediations to the development team.
  • The Web Application Penetration Tester is expected to:
  • Conduct penetration tests on web pages to identify and exploit security vulnerabilities.
  • Document the findings and provide techniques and solutions to remediate vulnerabilities.
  • Work closely with the development team to implement remediations/solution and verify fixes.
  • Plan and manage all aspects of the penetration testing function.
  • Mentor the development team in building and securing web applications using OWASP and other mainstream frameworks.
DELIVERABLES OR TASKS:
Provide primary development for CARE modules:
  • Conduct details penetration tests using common frameworks such as OWASP to discover vulnerabilities.
  • Work closely with the development team to remediate vulnerabilities.
  • Develop automation scripts to re-run security tests and ensure that new vulnerabilities are caught before they are deployed to higher environments.
  • Assist the development team in ensuring that applications are securely designed and developed.
  • Promote high quality, scalability, and timely completion of projects.
  • Ensure that all project documentation is produced in the standard format, that it follows internal documentation.
  • Serve as subject matter expert for all matters related to web application security.
  • Create, test, and implement code changes and integrate them with existing programs as needed.
  • Coordinate meetings/communications with the Claims User Community, as needed.
  • Ensure that all I.T. requirements (documentation, sign-off, and approvals) are completed as per State Fund s System Engineering Handbook.
  • Provide timely and effective reporting on status of projects.
Provide primary support for CARE modules:
  • Perform peer code reviews and provide feedback.
  • Work with cross functional teams, including Business, QA, and Operations.
  • Work closely with Business Users to scope and draft functional requirements.
  • Help Users to create test cases, use cases and help with functional testing.
  • Debug the system for certain behavior of the feature(s) and explain it to the Users.
TECHNICAL KNOWLEDGE AND SKILLS:
  • Advanced knowledge web application penetration testing.
  • In-depth knowledge of OWASP Top 10 and other frameworks.
  • Experience and willingness to work in a fast-paced environment.
  • Development experience in an enterprise-class system with multi-tier architecture
  • Proficient knowledge of Java, Spring, and Oracle.
  • Working knowledge of Linux and Windows
  • Extensive knowledge of and proven experience with penetration testing of web applications, and methods and frameworks for identifying and remediating vulnerabilities.
  • Strong knowledge in project management practices and ability to document processes and procedures as needed.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.