Job Title: Pen Tester
Location: Salem, OR (Onsite)
Duration: Full Time
Job Description
Key Responsibilities / Required Skills:
• Experience in manual penetration testing, particularly in web and mobile applications.
• Strong understanding of security frameworks like OWASP Top 10 and NIST Standards.
• Proficiency in using security tools like Burp Suite, ZAP, Metasploit, Checkmarx, and AppScan.
• Hands-on experience with DAST and SAST tools such as IBM AppScan, HP WebInspect, and Acunetix for vulnerability assessments.
• Practical experience with AWS services (EC2, S3, KMS, RDS) and security best practices relevant to cloud environments.
• Familiar with Azure cloud security architecture, VNets, and Azure DevOps pipelines.
• Proficient in Python, Perl, PHP, Java, and Objective-C for security testing and code reviews.
• Knowledge of core networking concepts like routing, ACLs, SSL/TLS, TCP protocols, and load balancing strategies.
• Experience in building and assessing API security frameworks and secure coding practices for web apps.
• Deep experience in implementing Secure Software Development Life Cycle (S-SDLC) processes, ensuring security across development, testing, and production phases.
• Active participation in platforms like Hack the Box, PortSwigger Academy, or Capture the Flag (CTF) challenges.
• Passion for discovering new vulnerabilities and security exploits.
• Excellent written and verbal communication skills to clearly articulate security risks and remediation strategies.
• Familiar with common technology stacks such as LAMP, LEMP, and MEAN, as well as secure coding practices for these environments.
• Conduct penetration testing on web and mobile applications, identifying critical vulnerabilities and collaborating with development teams to resolve them.
• Implement and maintain Application Security Programs (DAST & SAST), ensuring all applications follow security best practices.
• Lead security scoping calls with stakeholders, outline security risks, and develop remediation plans.
• Perform code reviews to detect vulnerabilities and enforce secure coding standards, especially in Java, Python, and Objective-C.
• Utilize tools such as Burp Suite and Checkmarx for security testing, as well as manual testing for identifying issues like XSS, SQLi, CSRF, etc.
• Provide feedback on application architecture regarding network security, SSL/TLS configurations, and cloud security best practices.
• Stay updated on emerging security vulnerabilities, develop API security strategies, and integrate security controls into the CI/CD pipeline.
Certifications:
Desired certifications include OSCP, OSWA, CEH, or relevant SANS certifications.
Sameer Pasha
Technical Recruiter
Spark Infotech Inc
Cell EXT 106