Job Overview
We are seeking a highly skilled and experienced Application Penetration Tester to join our dynamic team. This role is ideal for someone with a passion for cybersecurity, a deep understanding of application security, and the ability to identify and mitigate vulnerabilities. The successful candidate will play a critical role in ensuring the security of our applications and guiding our security testing and vulnerability triage.
As part of this project, you will conduct a comprehensive security assessment of a cloud-native, microservices-based architecture. Your focus will be on web and mobile applications and cloud security testing, adversary emulation, and continuous security posture improvement.
You will leverage your expertise in application security, utilizing tools such as SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), and SCA (Software Composition Analysis) to perform both static and dynamic source code reviews. Additionally, you will employ threat modeling and threat actor attack pathing to continually validate the effectiveness of the customer’s security controls.
The primary goal is to ensure that the security controls implemented by the organization are functioning as intended. By doing so, you will enhance the overall security defenses and collaborate with global development teams to maintain the ongoing security of the globally adopted application.
Requirements
Job Description Highlights
Security Testing of Developer Operations and Mobile Apps:
- Conduct thorough security testing of developer operations and mobile applications (iPhone and Android).
- Identify security issues and vulnerabilities.
Source Code Reviews:
- Perform in-depth source code reviews to identify security flaws or weaknesses.
Executing Tests/Assessments and Drafting Reports:
- Execute detailed assessments and compile findings into reports for further review and action.
Required Skills and Experience:
- Bachelor’s degree in Computer Science, Software Engineering, or a related field, or equivalent job experience.
- Professional certifications such as GWAPT (GIAC Web Application Penetration Tester), OSCP (Offensive Security Certified Professional), CEH (Certified Ethical Hacker), or similar.
- 3-5 years of experience in application security testing and source code review.
- Proficiency in multiple programming languages and understanding of secure coding practices.
- Strong analytical skills and attention to detail for identifying vulnerabilities.
- Testing Developer Flows and Mobile Apps: Conducts thorough security testing of developer workflows and mobile applications (for both iPhone and Android platforms), identifying security issues and vulnerabilities.
- Conducting Source Code Reviews: Performs in-depth source code reviews to identify security flaws or weaknesses that could be exploited in software applications.
- Executing Tests/Assessments and Drafting Reports: Executes detailed assessments and compiles findings into reports for further review and action.
Tools and Technologies:
Experience with tools like Burp Suite Pro, Checkmarx, Corellium, Synopsys, Acunetix, Veracode, SAST & DAST tools, PlexTrac, cloud security (AWS / Azure / Oracle), Postman, SmartBear ReadyAPI, SoapUI, and HashiCorp Vault.
Benefits
Beyond a role, joining OnDefend means becoming part of a community dedicated to making a difference. We offer:
Health and Wellness
- Health Insurance: Comprehensive health insurance plans covering medical, dental, and vision.
Financial Benefits
- Competitive Salary: Attractive salary packages that reflect the candidate’s experience and skills.
- 401(k) Matching: Company matches contributions to the 401(k) retirement plan up to a certain percentage.
Work-Life Balance
- Generous Paid Time Off (PTO): Including vacation days, sick leave, and holidays to help you recharge and spend time with loved ones.
Professional Development
- Training and Development: Access to professional development programs, workshops, and certifications.
- Tuition Reimbursement: Financial support for further education and courses related to the job.
- Career Growth Opportunities: Clear career progression paths and opportunities for promotion.
Company Culture
- Inclusive Environment: A diverse and inclusive workplace where all employees feel valued.
- Team Building Activities: Regular team-building events and social gatherings.
Additional Perks
- Technology and Tools: Access to the latest technology and tools needed to perform the job effectively.