Job Title: Application Pen Tester
Duration: 6+ months contract
Location: 100% remote role.
Rate: $65/hr on c2c
Independents with LinkedIn
Job description:
Responsibilities
· Conduct technical assessments focused on finding privacy issues in internal and external facing systems, products and services
· Partner with Engineering teams to optimize SDLC testing
· Support the development of practices, processes, mechanisms, and the documentation for these activities, both internally and with working groups.
· Document and catalog privacy issues discovered during assessments
· Research new and novel tactics, techniques, and procedures that may be used to gain inappropriate access to user data
· Build tooling to automate portions of assessments
Minimum Qualification
· 5+ years’ experience in either Red Teaming, Penetration Testing, Vulnerability Research, or Application Security (conducting formal security reviews)
· 5+ years’ work experience in a role coding in Python, PHP, Java, C/C++ (or equivalent language) including code maintenance and review
· Experience translating technical concepts into language that is understood by software engineers, business and technical leaders
· Experience with common testing frameworks, such as the MITRE ATT&CK framework
· Experience with tools used to perform Dynamic Application Security Testing (DAST) or Static Application Security Testing (SAST)
· A strong understanding of core internet and networking technologies (e.g., TCP/IP, load balancing, authentication mechanisms, etc.)
· Relevant industry certifications (ISC2, ISACA, SANS/GIAC, CompTIA, AWS, GCP, etc.)
Preferred Qualification
· Experience implementing or assessing the implementation of GDPR, CCPA, or equivalent privacy regulation
· Experience making contributions to the security or privacy community, such as public research, blogging, presentations, bug bounties, CVEs, etc.
· B.S. or M.S. in Computer Science, OSCP or relevant certifications