Job Title: Penetration Tester
Location: Salem, OR - Locals are highly preferred. (Initial Remote and Onsite)
Experience Level: 8+ Years (relevant)
Note: USC/GC/EAD's only on W2
Key Responsibilities / Required Skills:
- Experience in manual penetration testing, particularly in web and mobile applications.
- Strong understanding of security frameworks like OWASP Top 10 and NIST Standards.
- Proficiency in using security tools like Burp Suite, ZAP, Metasploit, Checkmarx, and AppScan.
- Hands-on experience with DAST and SAST tools such as IBM AppScan, HP WebInspect, and Acunetix for vulnerability assessments.
- Practical experience with AWS services (EC2, S3, KMS, RDS) and security best practices relevant to cloud environments.
- Familiar with Azure cloud security architecture, VNets, and Azure DevOps pipelines.
- Proficient in Python, Perl, PHP, Java, and Objective C for security testing and code reviews.
- Knowledge of core networking concepts like routing, ACLs, SSL/TLS, TCP protocols, and load balancing strategies.
- Experience in building and assessing API security frameworks and secure coding practices for web apps.
- Deep experience in implementing Secure Software Development Life Cycle (S-SDLC) processes, ensuring security across development, testing, and production phases.
- Active participation in platforms like Hack the Box, PortSwigger Academy, or Capture the Flag (CTF) challenges.
- Passion for discovering new vulnerabilities and security exploits.
- Excellent written and verbal communication skills to clearly articulate security risks and remediation strategies.
- Familiar with common technology stacks such as LAMP, LEMP, and MEAN, as well as secure coding practices for these environments.
- Conduct penetration testing on web and mobile applications, identifying critical vulnerabilities and collaborating with development teams to resolve them.
- Implement and maintain Application Security Programs (DAST & SAST), ensuring all applications follow security best practices.
- Lead security scoping calls with stakeholders, outline security risks, and develop remediation plans.
- Perform code reviews to detect vulnerabilities and enforce secure coding standards, especially in Java, Python, and Objective C.
- Utilize tools such as Burp Suite and Checkmarx for security testing, as well as manual testing for identifying issues like XSS, SQLi, CSRF, etc.
- Provide feedback on application architecture regarding network security, SSL/TLS configurations, and cloud security best practices.
- Stay updated on emerging security vulnerabilities, develop API security strategies, and integrate security controls into the CI/CD pipeline.
Certifications:
Desired certifications include OSCP, OSWA, CEH, or relevant SANS certifications.
Best Regards
Prabhakar
E: prabhakar@topsysit.com
D: 470-313-7990 Ext: 449
1740 Grassland Pkwy, Ste#301, Alpharetta, GA 30004.