Title: Application Security Penetration Tester
Location: Anywhere, USA - 100% Remote
Terms: Direct Hire / Perm W2
Level: Consultant Level 2 of 3 (Engineers: responsible for certain elements/tasks on a project and delegating tasks)
Direct Reports: None
Salary/Rates: Targeting 125K Plus Bonus Opportunity. Open to all levels of salary requests depending on level of experience.
3 Most Important Requirements
- Experience doing manual web application, single page application, and mobile application assessments with Burp Suite (not just using scanning tools and validating the results)
- Experience and proficiency with testing for all the vulnerabilities in the methodology, and an understanding of the OWASP Top 10.
- Great at contributing to writing documentation
Do you have a coding background and enjoy learning about, finding, and addressing security vulnerabilities? Do you want to work with a team of application security experts conducting security assessments, penetration testing, research, and consulting?
On our team, accomplished consultants are given the opportunity to lead team members on engagements, lead training events, conduct research, and provide guidance to clients for implementing remediation fixes for identified risks. After a few weeks of shadowing team members, new hires will have a solid understanding of our daily processes and methodologies. Investing and training budget
Our client has 3 types of roles within the organization. This is the mid-level position.
- We have a need for an Application Security Consultant, which is a technical role that conducts application security penetration tests, assessments, and leads projects on our team. Our team sees a variety of web technologies including single page applications (SPAs), Android and iOS applications, SOAP and REST services, desktop applications, OAuth implementations, single sign-on, custom network protocols, and more.
- We get to do reverse engineering of .NET, Java, Android, and other common platforms as part of engagements.
- We train and support one another in gaining the skills required to test these applications thoroughly. You will not be bored!
- Although we have entry level positions open on our team, this particular opportunity is not an entry level position and requires some existing knowledge of code/application-layer development technologies and security issues.
- Apprentice (observes and shadows)
- Engineers (responsible for certain elements/tasks on a project and delegating tasks)
- Consultant (leads and is responsible for all aspects of a client project and responsible for all of the client's applications - meeting directly with clients to discuss vulnerabilities)
- Apply testing methodologies and tools to perform penetration testing and assessments on complex applications.
- Maintain application development knowledge and skills to support Security PS methods, services, and consultative value.
- Lead assessment engagements according to our defined methodology, collaborating with the team for support, and taking ownership of the result.
- Manage priorities and tasks to achieve utilization targets.
- Participate in research and development efforts to improve Security PS practices and team skills.
- Manage personal work time with little supervision while meeting internal and external client deliverable deadlines.
Demonstrable knowledge of:
Passing knowledge of:
- Web, mobile, API, and thick client application technologies and platforms
- Modern development frameworks such as .NET, .NET Core and Java
- AppSec tools such as Burp Suite, ILSpy, dnSpy, JD-GUI, apktool
- Application security principles, risks, attacks, and resources from sources such as the OWASP Testing Guide and Burp Web Academy
- Excellent writing skills
- Planning, communication, and consulting soft skills.
- General networking principles and IT administration basics.
- Encryption methods, disciplines and technologies
- Technical management and IT business concepts.
- Direct work experience performing manual application penetration testing or assessments
- Ability to begin testing immediately with guidance on Security PS’s specific methodology
Covenant Consulting strives to attract, cultivate and retain exceptional talent. If you feel you are a match for the position, and are interested in a great growth opportunity, we encourage you to contact email@example.com.
Covenant Consulting is a Technology Services Provider offering project-based IT consulting, IT staffing and IT recruiting services. Every partnership reflects our uncompromising commitment to quality and integrity. We have extensive experience and capabilities in project-based consulting, short and long-term staff augmentation, and permanent recruitment. We work with companies of every size, across many industries and have the flexibility to scale solutions to meet our client's specific needs.