Overview
On Site
Accepts corp to corp applications
Contract - Independent
Contract - W2
Contract - months contract
Skills
Penetration Tester
Job Details
Penetration Tester Technical Lead
McLean,VA Onsite Locals preferred
12 months contract
Team is responsible to test the overall strength of our organization s defenses (the technology, the processes, and the people) by simulating the objectives and actions of an attacker.
We are seeking an Information Security Tech Lead to assist the team by providing subject matter expertise in Penetration testing of Infrastructure and Networks, Web Applications, Cloud and Social engineering, and Purple Team.
In this role, the candidate will provide enhanced vulnerability analysis and contextual feedback to stakeholders to support the resolution of discovered vulnerabilities and facilitate risk awareness.
Responsibilities include:
Penetration Testing and Red Team assessments
Lead and perform web application penetration assessments, collaborating with stakeholders to scope engagements, translate complex security concepts, and provide tailored remediations
Proactively search for vulnerabilities in web applications, web APIs, cloud environments, etc. throughout Freddie Mac
Work together with other Red Team members to integrate web application security into broader threat emulation scenarios
Develop and maintain scripts, tools, and methodologies to enhance processes and capabilities
Provide mentorship and technical guidance to less experienced team members
Contribute to the development and improvement of security policies, standards, and guidelines
Develop Team Capabilities and Leadership
Generate innovative ideas and challenge the status quo
Develop scripts, tools, or methodologies to enhance the Red teaming processes and capabilities
Participate in and actively support mentoring with other members of the team
Assist with scoping prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staff
Qualifications
8-10 years of relevant experience in web application penetration testing
One or more technical certifications: OSWA, OSWE, Burp Suite Certified Practitioner, eWPT, eWPTX
Ability to critically examine web applications to identify, exploit, and remediate vulnerabilities (SQL injection, XSS, SSRF, CSRF)
Solid understanding of related web technologies (HTTP, DNS, HTML, JavaScript, REST, GraphQL, Java, .NET, SQL/noSQL, OAuth) and infrastructure (cloud native, containers, proxies, webservers, PaaS)
In-depth knowledge of secure development practices (DevSecOps, secure code review) and security frameworks (OWASP, CWE, MITRE)
Proficient with common web application penetration testing tools (Burp Suite, Project Discovery, sqlmap)
Familiarity with WAF bypasses
Must be willing to work east coast hours
Key to success in this role
Web-related public research (advisories, disclosures)
Previous Bug Bounty or vulnerability disclosure experience
Proficiency in at least one scripting or programming language (Python, JavaScript, C#, Java)
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.