Penetration Tester/ Application Security Engineer - REMOTE

*NOTE: REMOTE - Manual web application penetration testing

*NOTE: REMOTE - Manual web application penetration testing

*NOTE: REMOTE - Manual web application penetration testing

Title: Application Security Engineer/ Penetration Tester

Location: 100% Remote

Duration: 6-12 months contract (high possibility of potential extension)

JOB DESCRIPTION

Must Have:-

• Seeking candidates with solid expertise in Manual web application penetration testing and Manual secure code review.
• Expertise is performing Manual Test Case Scenarios is a must.
• Identification of Vulnerabilities in Source Codes manually is a must.
• We are not looking for tool dependent SAST and DAST resources.
• False positives review post SAST & DAST tool-based scanning will not be considered.

Key Areas:-

• Perform manual security code review against common programming languages (Java, .NET)
• Perform manual application penetration tests on one or more of the following to discover and exploit vulnerabilities: web applications, internal applications, APIs, internal and external networks, and mobile applications
• Formal programming experience is a must in Java/c# at least 6 months
• Create new testing methods to identify vulnerabilities and entry points that attackers may use to exploit applications, networks, and systems

Good to Have:

• One or more major ethical hacking certifications not mandatory but preferred; GWAPT, CREST, OSCP, OSWE, OSWA
• Provide technical leadership and advice to team members on penetration test engagements
• Converse with technical and non-technical audiences to articulate both testing processes, techniques and results
• Partner with the Cyber teams to develop new testing techniques, automation for testing and marketing collateral to support the practice and mentor junior and offshore team members on tools and techniques in performing tests