An information security consultancy based in Utah, a trusted adviser to top organizations worldwide and a leader in the cybersecurity industry, is looking for passionate pentesters who are knowledgeable in application security and vulnerabilities to join their team at all levels, from junior to senior.
They have an excellent work culture and provide dedicated time for professional development and research as well as a variety of web app engagements.
- Penetration tests on web and conventional applications, as well as embedded, firmware, mobile and more
- Use a combination of manual and automated techniques to assess risks and circumvent security mechanisms of devices and applications
- Design and develop security testing scenarios
- Create threat models that result in more secure application design
- Analyze and present results of testing to team members, managers and customers
- Write detailed problem reports, test plan documents, and mitigation recommendations as needed
- Develop tools to aid penetration test automation and effectiveness
- Review code for common security vulnerabilities
The ideal candidate would possess the following attributes:
- Experience performing Network, Web Application and API penetration tests
- Expert user of Web application proxies (MiTM proxy, ZAP, Burp)
- Familiar with various APIs (REST, SOAP, JSON, etc.)
- Comfortable manipulating and crafting HTTP requests
- Experience utilizing a preferred suite of testing tools
- Familiarity with the OWASP Testing Guide
- Competent at identifying and exploiting vulnerabilities (SQL Injection, Buffer Overflows, Command Execution, Cross Site Scripting, Cross Site Request Forgery, Privilege escalation, etc.)
- Comfortable documenting vulnerabilities, as well as the steps necessary to reproduce and remediate documented vulnerabilities
- Industry certifications (OSCP, OSWE, GPEN)
Nice to have:
- S. in Computer Science or related degree
- Completed OSCP, OSCE, or a similar security certification
- Understanding of application design, development, and testing techniques
- Involvement in a bug bounty program
- Participation in a Capture the Flag event
Salary ranges from $80k - $120k depending on experience.