Manual Web Application Penetration Tester

Responsibilities:

• Perform manual Application penetration testing against API’s (REST/SOAP), Web Applications, Mobile applications, and thick client applications
• Perform threat modeling, evaluate application business logic, and perform application architecture reviews
• Ability to demonstrate application testing experience in real time via demos to both internal and external audiences
• Ability to perform objective based, abstract penetration testing engagements
• Ability to develop and exploit POCs
• Act independently in penetration testing engagements, with minimal oversight and guidance
• Engage with technical and non-technical audiences to articulate both testing processes, techniques and results; guide technical audiences on remediation options and assist clients in weighing those options

Qualifications:

• Minimum 5 years of recent experience in application penetration testing of API’s, web applications and mobile applications
• Ability to communicate reporting results with technical and non-technical audiences and lead remediation conversations
• Experience with burp suite pro, and other app testing tools such as Netsparker
• Bachelor's degree from an accredited college/university or equivalent industry experience
• One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSWE, OSWA

Key skills: Manual Testing, penetration testing, Netsparker, API, Mobile applications