Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: InfoSec Jobs InfoSec Jobs

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Web Application Penetration Tester
Company Halock Security Labs
Location Remote
Preferred GIAC Certifications GWAPT, GPEN
Travel 0%
Salary Not provided
URL https://www.halock.com/careers/web-application-penetration-tester/
Contact Name Paul Schmelzel
Contact Email pschmelzel/at/halock.com
Expires 2021-06-15

Job Description

Responsibilities:
Perform web application penetration testing using a variety of manual methods, tools, and techniques
Exhibit extensive knowledge of industry standard web application penetration testing methods, in particular, the OWASP testing standard.
Perform penetration testing in accordance with PCI-DSS 6.6.
Contribute to HALOCK’s application penetration testing framework, including deliverables, custom script development, testing methods and techniques, and ongoing research
Author detailed and articulate penetration test reports, including prescriptive recommendations for remediation options

Qualifications:
Three (3) years of experience in manual web application penetration testing across a variety of technologies
Strong knowledge of web application security testing tools
Excellent ability to troubleshoot technical issues
Effective technical and business level writing
Shell scripting and/or development in languages such as Python
Ability to multi-task without compromising deadlines and assignment expectations
Take direction from project management and work as part of a collaborative team
Strong organizational skills, including ability to deliver with minimal supervision
Basic project management competencies such as following process and protocol for project delivery, ability to identify project risks, project multitasking, and ability to self-manage when appropriate
Ability to execute assessments as defined in project plans, within assigned budgets and due dates
High motivation, integrity, and commitment to self-development
Strong verbal communication skills

Preferred:
Cross discipline experience in Network Penetration Testing
Formal education in Information Security, Information Technology, Computer Science, Engineering or related discipline preferred
Applicable security certifications such as GWAPT, CISSP, OSCP, CEH
Previous application development experience
Previous experience conducting penetration testing in a consulting capacity