Cybersecurity Penetration Testing Engineer Application & API Security

Overview

On Site
Depends on Experience
Contract - Independent
Contract - 12 Month(s)

Skills

Execute custom payloads and exploits to demonstrate risk severity to stakeholders. Develop proof-of-concept (PoC) exploits to validate identified vulnerabilities. Emulate attacker tactics, techniques, and procedures (TTPs) from MITRE ATT&CK and CWE references.

Job Details

Key Responsibilities:

  1. Penetration Testing & Vulnerability Assessment
  • Perform manual and automated penetration testing on web, mobile, and API endpoints.
  • Use Burp Suite Professional extensively for intercepting, modifying, and exploiting HTTP/S traffic.
  • Conduct source code-assisted testing when applicable to identify deeper logic flaws.
  • Simulate real-world attack scenarios using OWASP Top 10, SANS 25, and API Security Top 10 frameworks.
  • Identify authentication, authorization, session management, and input validation flaws.
  2. API Security Testing
  • Perform REST and GraphQL API penetration testing, including JWT, OAuth, and token manipulation.
  • Validate business logic vulnerabilities and parameter tampering across microservices.
  • Use tools such as Postman, Burp Suite, and OWASP ZAP for fuzzing, interception, and payload injection.
  • Validate API schema misconfigurations, rate limiting, and data exposure issues.
  3. Offensive Security & Exploitation
  • Execute custom payloads and exploits to demonstrate risk severity to stakeholders.
  • Develop proof-of-concept (PoC) exploits to validate identified vulnerabilities.
  • Emulate attacker tactics, techniques, and procedures (TTPs) from MITRE ATT&CK and CWE references.
  • Perform targeted assessments on authentication bypass, privilege escalation, and input deserialization.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.