Application Security Penetration Tester
This is an opportunity to join a giant in the mobile applications world as an Application Security Penetration Tester. If you have a passion for securing applications, an in-depth understanding of application security, and the ability to identify and resolve vulnerabilities, this role is for you. You will play a key role in securing applications and shaping the future of their security posture by performing rigorous security assessments.
Responsibilities: In this role, you'll lead the security testing of their cloud-native, microservices-based architecture with a focus on web and mobile applications as well as cloud security testing. Key responsibilities include:
- Conducting comprehensive penetration testing and security assessments of web and mobile applications.
- Performing static (SAST), dynamic (DAST), and composition analysis (SCA) of source code.
- Engaging in threat modeling and threat actor simulations to test and enhance security controls.
- Collaborating with global development teams to ensure continuous improvement of the security posture.
Key Tasks:
- Perform in-depth security testing of development operations, iOS, and Android mobile applications.
- Carry out source code reviews to identify and mitigate security vulnerabilities.
- Execute detailed penetration tests and security assessments, documenting findings and recommendations.
- Automate security testing within CI/CD pipelines and implement secure coding practices.
- Conduct offensive security operations, including red team exercises to simulate real-world attack scenarios.
- Collaborate with DevOps teams to ensure security is integrated into every stage of the development lifecycle.
Qualifications:
- Bachelor's degree in Computer Science, Software Engineering, or equivalent experience.
- Professional certifications such as GWAPT, OSCP, or CEH.
- 3-5 years of experience in application security testing, source code reviews, and DevOps security.
- Proficient in programming languages and secure coding practices.
- Strong analytical skills and attention to detail.
Tools & Technologies: Experience with tools such as Burp Suite Pro, Checkmarx, Corellium, Acunetix, Synopsys, VeraCode, AWS/Azure/Oracle Cloud, Postman, SoapUI, HashiCorp Vault, and Plextrac.
Benefits:
- Health Insurance: Comprehensive medical, dental, and vision coverage.
- Competitive Salary: Attractive salary based on experience.
- 401(k) Matching: Company contributions to your 401(k) retirement plan.
- Generous PTO: Vacation, sick leave, and holidays.
- Professional Development: Access to training, workshops, and certifications.
- Tuition Reimbursement: Financial support for further education.
- Inclusive Environment: A diverse, supportive workplace with team-building activities and social events.
I look forward to receiving your applications and discussing it further!