Penetration Testing Engineering

1 week ago


Washington, United States Diverse Lynx Full time
Job Title: Penetration Testing Engineering

Remote

Contract Role

Job Description/ Responsibilities

Experience must include:

1. Security testing of custom solutions, integrations with ERP solutions and other commercial off-the-shelf solutions, and application middleware (APIs, application servers, etc.) that are on-premise and/or in the cloud, in web, fat client or mobile form.

2. Practical working knowledge and use of

o Penetration testing tools and frameworks such as BurpSuite, Metasploit, Nmap, AppScan, etc.

o Cloud and container technologies like Azure Kubernetes, Azure Container Registry, etc.

o Java, C++, C#, Python, HTML, JavaScript, PHP.

o Windows and UNIX operating systems and operation/configuration of common web servers such as Apache, etc.

o OWASP, WASC, SANS, CVE, and CVSS (Threat & Vulnerability classification).

3. Practical working knowledge of identifying and mitigating security weaknesses, and of incorporating security into the enterprise software development lifecycle, both agile and traditional waterfall.

4. Demonstrated knowledge of running a broad range of web application testing tools, identifying vulnerabilities as per SANS 25 or OWASP Top 10 specifications, and helping develop a platform-specific remediation plan.

5. Proven level of understanding of web application technologies (Java, .NET) and database management systems (Oracle, MS SQL) and related security concepts.

6. In-depth and hands-on working knowledge of common website vulnerabilities such as SQL injection, cross-site scripting, remote/local file inclusion, etc.; in-depth knowledge of common website exploit techniques such as character encoding, privilege escalation, directory traversal, etc.

7. Knowledge of security solutions, latest threats, and countermeasures.

Required Soft Skills

1. Analytical skills that enable synthesis of inputs from many sources and allow for strategic thinking and tactical implementation.

2. Spoken and written communications that are compelling, convincing, and reassuring, and skills to articulate complex technical ideas to non-technical stakeholders.

3. Ability to think laterally and to have input to / propose detailed, complex solutions to technical issues.

4. Interpersonal skills that create openness and trust among colleagues.

5. Ability to work well under pressure and to meet tight deadlines. Demonstrates a high level of motivation, confidence, integrity, and responsibility.

6. Ability to be organized, responsive and to be able to effectively multi-task with a focus on driving results.

7. Demonstrate excellent interpersonal and relationship management skills. This includes the ability to work independently, effectively in a team/task force as a team member or leader, and with senior staff and managers.

8. Ability to work well under pressure and to meet tight deadlines, whilst demonstrating a high level of motivation, confidence, integrity, and responsibility.

9. Excellent relationship management skills. Facilitation and conflict management skills that enable effective working relationships.

Education

1. Bachelor's degree in information security, computer science, engineering, mathematics, business, or related field of study plus a minimum of 10 years of relevant experience in regulated industries; OR

2. Advanced degree in Information Security, computer science, engineering, mathematics, business, or related field of study plus a minimum of 5 years of relevant experience in regulated industries.

Certifications: (Minimum plus at least 1 preferred)

1. CEH or CompTIA PenTest+ or CSSLP (minimum required)

2. GIAC application security and/or pen testing related certifications (preferred)

3. Offensive security related certifications (preferred)

Diverse Lynx LLC is an Equal Employment Opportunity employer. All qualified applicants will receive due consideration for employment without any discrimination. All applicants will be evaluated solely on the basis of their ability, competence and their proven capability to perform the functions outlined in the corresponding role. We promote and support a diverse workforce across all levels in the company.
