ESR Healthcare
ESR Healthcare, Coppell, Texas, United States, 75019
Web Application Penetration Tester
- Coppell, TX
Position Summary:
The Web Application Penetration Tester is responsible for ethically hacking web applications and APIs, discovering exploits, assigning risk ratings using CVSS scores, and reporting vulnerabilities.
Principal Responsibilities:
Understand the application architectural components and the business purpose of the application at a high level.
Understand threats and vulnerabilities reported in Threat Modeling, Static Code Analysis, and through open-source scans.
Perform penetration tests on Web Applications, APIs, and Mobile Applications using black-box testing tools, in-depth penetration tests (using shell scripts and manual testing techniques), DAST & SAST scans.
Conduct secure code reviews and assess code weaknesses related to configuration, authentication mechanisms, and user data or roles definitions that could be exploited.
Write executive and detailed reports with findings and recommendations.
Assist in the development of in-house testing tools and processes.
Research and learn about information security trends, new testing techniques, and best practices, sharing findings with the team.
Perform Red Team activities.
Experience:
7 years of experience in Application Penetration Testing.
Financial Services Industry experience.
Proficiency with Application Security best practices.
Experience working with markup languages and shell scripts.
Knowledge and Skills Required:
Proven knowledge of OWASP Top 10 & SANS Top 20.
Proven knowledge of application security methodologies, policies, standards, and best practices.
Ability to explain and articulate technical concepts using both technical and non-technical language.
Critical thinking and analytical skills.
Strong oral and written communication skills.
Excellent organizational skills, with the ability to be versatile and flexible.
Sound business judgment and the ability to work successfully with all levels of management.
Excellent grammar and style skills; ability to adapt writing style for different audiences and media.
Pre-screen Questionnaire:
What is your exact present location with the Zip code? How much time will it take you to commute to the Dallas office in peak hours?
What is the candidate's full legal name?
What is the candidate's Month and day of DOB (required for submission to DTCC)?
What date are you available to join?
Have you applied in the past 6 months? If yes, please provide details.
What is your work authorization status?
What is your desired hourly pay rate?
Job Insight: Note: Will consider local candidates only for this role. Needs to be based out of the Dallas, TX Office once the offices open.
INTERVIEW PROCESS:
Phone first, then video interview.