Penetration Tester

Location: 100% Remote within United States

Overview:
We are seeking a highly skilled Application Penetration Tester to join our client's team in a long-term contract position. This role involves performing hands-on application penetration testing, identifying security vulnerabilities, and working with application teams to remediate security issues. The ideal candidate will have a deep understanding of advanced application security issues and experience with various security testing tools.

Key Responsibilities:

• Conduct hands-on application penetration testing, focusing on identifying and exploiting security vulnerabilities.

• Demonstrate in-depth knowledge of OWASP Top 10 and advanced application security issues such as Server-Side Request Forgery (SSRF) and Domain Takeover.

• Clearly articulate security risks to application teams and provide guidance on remediation strategies.

• Utilize Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Interactive Application Security Testing (IAST) tools to identify and analyze security issues.

• Collaborate with application teams to implement security best practices and ensure secure development processes.

• Stay updated with the latest security trends, vulnerabilities, and testing methodologies.

Qualifications:

• Proven experience in application penetration testing.

• Strong knowledge of OWASP Top 10 and advanced application security issues.

• Familiarity with SAST, DAST, and IAST tools.

• AWS experience is a plus.

• Relevant certifications such as GWAPT, PortSwigger Academy, or OSWE are highly desirable.

• Excellent communication skills with the ability to articulate security risks and remediation strategies to technical and non-technical audiences.

Preferred Skills:

• Hands-on experience with cloud security, particularly AWS.

• Advanced knowledge in application security and testing methodologies.

• Strong problem-solving skills and the ability to think like an attacker.