Penetration Automation Tester

Hybrid in Albany, NY, US • Posted 10 hours ago • Updated 4 hours ago
Contract W2
12 Months
Hybrid
Depends on Experience
Fitment

Dice Job Match Score™

🧠 Analyzing your skills...

Job Details

Skills

  • Penetration Tester
  • Penetration Automation Tester
  • API QA
  • Analytical Skill
  • Automated Testing
  • Bash
  • Burp Suite
  • CISSP
  • Caching
  • Certified Ethical Hacker
  • Cloud Security
  • Code Review
  • Collaboration
  • Communication
  • Computer Science
  • Conflict Resolution
  • Cryptography
  • FOCUS
  • Fortify
  • GPEN
  • HIPAA
  • Information Security
  • Java
  • Metasploit
  • Mobile Applications
  • OSCP
  • OWASP
  • Penetration Testing
  • Problem Solving
  • Python
  • Reporting
  • Risk Assessment
  • SEC
  • SQL
  • SSL
  • Scripting
  • Software Architecture
  • Software Development Methodology
  • Software Security
  • TLS
  • Testing
  • Web Application Security
  • Web Browsers
  • White Hat

Summary

We are seeking a skilled Penetration Tester with a focus on Java application security to identify, exploit, and fix vulnerabilities in Java applications to guard against cyber threats.

Key Responsibilities:

  • Conduct penetration tests and vulnerability assessments for Java applications and infrastructure.
  • Identify security flaws in Java code using automated and manual methods.
  • Create and use custom exploits to test application security, simulating attacker tactics.
  • Collaborate with Development teams to understand application architecture and find security weaknesses early.
  • Collaborate with Testing teams to integrate with manual and automation testing.
  • Provide guidance on secure coding and how to fix vulnerabilities.
  • Stay updated on Java security threats and best practices.
  • Help improve secure development processes (SDLC).
  • Assist in responding to security incidents related to Java vulnerabilities, current published NIST CVE.
  • Clearly document and report findings, including technical details, risk assessment, and recommended solutions.
  • Communicate findings and recommendations to both technical and non-technical staff.
  • Contribute to security policies for Java development and deployment.
  • Manipulate URLs, query parameters and Application browser data to look for penetration avenues. Validate and asses browser tokens and cache manipulation and Production vs. none prod architecture.
  • Familiar with MITRE ATT&CK Framework.

Required Qualifications:

  • Bachelor s degree in a related software field with 6+ years in a Dev Sec role.
  • Core Java coding experience.
  • Previous job background as an engineer and Dev Sec position on a large scale public enterprise scale application.
  • Bachelor's degree in Computer Science, Information Security, or a related field.
  • Minimum of 6 years of Development/Security experience
  • Experience in Penetration Testing/Ethical Hacking with a focus on Java application security.
  • Strong knowledge of Java programming and its security practices as well as scripting experience.
  • Proficiency in web application security principles (e.g., OWASP).
  • Knowledge of common web vulnerabilities (e.g., SQL injection, XSS) and exploit techniques.
  • Experience with penetration testing tools like Burp Suite, Metasploit.
  • Familiarity with Fortify on Demand SAST and DAST tools.
  • Strong understanding of cryptography and secure communication protocols (e.g., SSL/TLS).
  • Excellent problem-solving and analytical skills.
  • Strong communication skills.
  • High ethical standards and confidentiality.

Desired Qualifications:

  • Certifications such as OSCP, GWAPT, GXPN, GPEN, LPT, CEH, CISSP or other industry security certifications.
  • Experience with scripting languages (e.g., Python, Bash).
  • Experience with secure code review for Java.
  • Familiarity with cloud security testing.
  • Experience with mobile application penetration testing.
  • Knowledge of regulations like HIPAA.
  • Experience with API testing
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
  • Dice Id: 91097274
  • Position Id: 9023321
  • Posted 10 hours ago
Contact the job poster
Nikhil Gabriel

Nikhil Gabriel

Techincal Recruiting Manager @ Donato Technologies Inc
Create job alert
Set job alertNever miss an opportunity! Create an alert based on the job you applied for.

Similar Jobs

Albany, New York

Today

Easy Apply

Contract

Remote

10d ago

Easy Apply

Contract

Up to $70

Remote

6d ago

Easy Apply

Full-time

$180,000 - $200,000

Remote

Today

Full-time

Search all similar jobs