Pen Tester

NOTED :

We are looking Green card/EAD holders and US citizen candidates only for this position

Job Description :

Key Responsibilities / Required Skills:

o Experience in manual penetration testing, particularly in web and mobile applications.

o Strong understanding of security frameworks like OWASP Top 10 and NIST Standards.

o Proficiency in using security tools like Burp Suite, ZAP, Metasploit, Checkmarx, and AppScan.

o Hands-on experience with DAST and SAST tools such as IBM AppScan, HP WebInspect, and Acunetix

for vulnerability assessments.

o Practical experience with AWS services (EC2, S3, KMS, RDS) and security best practices relevant to

cloud environments.

o Familiar with Azure cloud security architecture, VNets, and Azure DevOps pipelines.

o Proficient in Python, Perl, PHP, Java, and Objective C for security testing and code reviews.

o Knowledge of core networking concepts like routing, ACLs, SSL/TLS, TCP protocols, and load

balancing strategies.

o Experience in building and assessing API security frameworks and secure coding practices for web

apps.

o Deep experience in implementing Secure Software Development Life Cycle (S-SDLC) processes,

ensuring security across development, testing, and production phases.

o Active participation in platforms like Hack the Box, Portswigger Academy, or Capture the Flag (CTF)

challenges.

o Passion for discovering new vulnerabilities and security exploits.

o Excellent written and verbal communication skills to clearly articulate security risks and remediation

strategies.

o Familiar with common technology stacks such as LAMP, LEMP, and MEAN, as well as secure coding

practices for these environments.

o Conduct penetration testing on web and mobile applications, identifying critical vulnerabilities and

collaborating with development teams to resolve them.

o Implement and maintain Application Security Programs (DAST & SAST), ensuring all applications

follow security best practices.

o Lead security scoping calls with stakeholders, outline security risks, and develop remediation plans.

o Perform code reviews to detect vulnerabilities and enforce secure coding standards, especially in

Java, Python, and Objective C.

o Utilize tools such as Burp Suite and Checkmarx for security testing, as well as manual testing for

identifying issues like XSS, SQLi, CSRF, etc.

o Provide feedback on application architecture regarding network security, SSL/TLS configurations,

and cloud security best practices.

o Stay updated on emerging security vulnerabilities, develop API security strategies, and integrate

security controls into the CI/CD pipeline.

Certifications:

Desired certifications include OSCP, OSWA, CEH, or relevant SANS certifications.