Penetration Tester - Applications

Job OverviewOur client is looking for an experienced Application Penetration Tester to assess the security of a cloud-native, microservices-based architecture. You will focus on web and mobile applications, cloud security testing, adversary emulation, and continuous security improvement.Key responsibilities include static and dynamic source code reviews using tools like SAST, DAST, and SCA. You'll also leverage threat modeling and attack pathing to validate and enhance the organization's security controls.Your work will help ensure security measures function as intended and support global teams in maintaining the security of a widely used application.BenefitsHealth Insurance: Comprehensive health insurance plans covering medical, dental, and vision.Competitive Salary401(k) MatchingWork-Life BalanceGenerous Paid Time Off (PTO)Professional DevelopmentTraining and Development: Access to professional development programs, workshops, and certifications.Tuition Reimbursement: Financial support for further education and courses.Career Growth OpportunitiesCompany CultureInclusive EnvironmentTeam Building ActivitiesJob DescriptionSecurity Testing of Developer Operations and Mobile Apps:Conduct thorough security testing of developer operations and mobile applications (iPhone and Android).Identify security issues and vulnerabilities.Source Code Reviews:Perform in-depth source code reviews to identify security flaws or weaknesses.Executing Tests/Assessments and Drafting Reports:Execute detailed assessments and compile findings into reports for further review and action.Required Skills and Experience:Bachelor's degree in computer science, Software Engineering, or related field, or equivalent job experience.Professional certifications such as GWAPT (GIAC Web Application Penetration Tester), OSCP (Offensive Security Certified Professional), CEH (Certified Ethical Hacker), or similar.3-5 years of experience in application security testing and source code review.Proficiency in multiple programming languages and understanding of secure coding practices.Strong analytical skills and attention to detail for identifying vulnerabilities.Testing Developer Flows and Mobile Apps: Conducts thorough security testing of developer workflows and mobile applications (for both iPhone and Android platforms), identifying security issues and vulnerabilities.Conducting Source Code Reviews: Performs in-depth source code reviews to identify security flaws or weaknesses that could be exploited in software applications.Executing Tests/Assessments and Drafting Reports: Executes detailed assessments and compiles findings into reports for further review and action.Tools and Technologies:Experience with tools like Burp Suite Pro, Checkmarx, Corellium, Synopsys, Acunetix, VeraCode, SAST & DAST Tools, Plextrac, Cloud security (AWS / Azure / Oracle), Postman, SmartBear ReadyAPI, SoapUI, and Hashicorp Vault