Job Description:

Position Description:

The Application Security Tester is responsible for detecting threats and vulnerabilities in target systems, networks, and applications by conducting systems, network and web vulnerability assessment / security testing. The Application Security Tester identifies the security flaws and weaknesses in the systems that can be exploited to cause business risk, and provides crucial insights into the most pressing issues, suggesting how to prioritize security resources.


  • Knowledge of common software vulnerabilities, such as those in the OWASP Top 10.
  • Experience with CVSS and how to apply it.
  • Acts as an influencer of peers and management.
  • Conducts Software Composition Analysis, SAST, DAST and Penetration testing.
  • After a vulnerability assessment, works with various stakeholders to provide remediation for the identified risks and bring them to closure.
  • Conducts proofs of concept and vendor comparisons, and recommends solutions in line with business requirements.
  • Conducts risk assessments to evaluate the effectiveness of existing controls and determine the impact of proposed changes to business processes, applications and systems.
  • Conducts security research on threats and remediation methods.
  • Conducts vulnerability assessment on the target IT Infrastructure, applications and related information assets.
  • Conducts walk-throughs of the assessment report with the stakeholders and helps define the remediation plan.
  • Improves processes by identifying inefficiencies and proposing solutions.
  • Develops and maintains a set of operational and forward-looking security metrics.
  • Follows a standard methodology to identify and/or detect threats to the IT infrastructure, applications and other information assets.
  • Oversees monitoring of security reports to identify issues and follow these issues to resolution.
  • Performs web application security assessments (e.g., exploiting web app vulnerabilities such as SQL injection, cross-site scripting, parameter manipulation, session hijacking, etc.).
  • Prepares system security reports by collecting, analyzing, and summarizing data and trends; presents reporting for management review.


  • 3+ years of direct application security testing experience, performing and evaluating SAST, DAST and penetration tests.
  • Knowledge of common software vulnerabilities, such as those in the OWASP Top 10.
  • Experience with CVSS and how to apply it.
  • Must have experience with web application and code vulnerability scanning tools such as AppScan, Fortify, Burp Suite.
  • Security certifications a plus.
  • Ethical hacking experience a plus.
  • Exposure to IT risk management a plus.

Additional Requirements:

  • 5-10 years of experience.
  • 3 years direct experience performing Application Security testing duties (SAST/DAST, Penetration Testing).


  • CEH/CSAE/SEC542 or any equivalent security testing certifications.
  • Spanish is not mandatory but is nice to have.

Background Check: Yes
Drug Screen: Yes
Candidate must be your W2 Employee: No
Exclusive to Apex: No
Face to face interview required: No
Candidate must be local: No
Candidate must be authorized to work without sponsorship: No
Interview times set: No
Type of project: Other Project Type
Master Job Title: VMS Access Entry
Branch Code: Boston
