- Conduct white box security testing to assess and validate application security
- Monitor and track progress of found vulnerabilities and maintain the history
- Explain and demonstrate vulnerabilities to application/system owners, and provide recommendations for mitigation
- Issue reports on assigned application and system scans
Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Must be clearable to the Top Secret level.
- At least 2 years’ experience in web application security.
- Expert knowledge of information security principles, web applications and a level of familiarity with malicious code and common techniques used by hackers.
- Excellent problem solving and analytical skills, self-motivated; outstanding oral and written communication skills
- Intimate knowledge and hands-on experience using Nessus, Foundstone, Nmap, BurpSuite, including manual techniques.
- Knowledge of OWASP Top 10 and SANS Top 25 and how to effectively remediate vulnerabilities associated with each.
- Demonstrated manual web application testing experience; for example, you must be able to simulate a SQL injection without tools, simulate an XSS attack, XPath injection, etc.
Desired Knowledge, Skills and Experience:
- Bachelor’s degree in an Information Technology related field of study or equivalent experience
- 5+ years of experience in web application security
- Solid knowledge of penetration testing methodology and prior experience with programming in one or more server-side technologies such as Java, JSP, PHP, ASP.Net, ColdFusion, Perl, Python, etc.
- Demonstrated ability to verify, through manual penetration testing, each finding to reduce false positives, increasing the accuracy of our reporting.
- Firm understanding of risk and of using CVSS scoring to appropriately classify vulnerabilities.
- Active member of IT Security user groups with a security certification (CISSP, CEH, GWAPT, GPEN, OSCP, CAST, GWEB, OSWE, WAPT, etc.)