Web Applications Tester

Covail is hiring a mid-level web application penetration tester. This role is for those who feel at home using a browser and an interception proxy, not just a “point-and-click” scanner tool. We are looking for an experienced developer/application security tester to join our team of highly skilled penetration testers.

Minimum Requirements: 

  • Advanced ability to detect, define, exploit, and remediate OWASP Top 10 vulnerabilities without the use of a vulnerability scanner (a browser, a proxy, an editor, and YOU)
  • Extensive experience/expertise in the use of an attack proxy (Burp, ZAP, etc.)
  • Experience using source code scanners, both paid and open-source
  • Experience using web application vulnerability testing suites is expected (Netsparker, AppScan, WebInspect, Acunetix, etc.)
  • Intermediate knowledge of C, C#, Python, Objective-C, Java, JavaScript, SQL, AngularJS, etc.
  • Intermediate knowledge of Web Services technologies such as XML, JSON, SOAP, REST, AJAX, etc.
  • Programming experience in two of the following languages: C#, Java, Python, Ruby
  • Experience with Enterprise Java or .NET web application frameworks
  • Database knowledge in MS SQL, MySQL, Oracle, etc.
  • Ability to conduct client conference calls, be the main point of contact, lead report generation activities, and be the main interface with clients on engagements.
  • Familiarity with testing web applications, thick clients, APIs, web services, mobile applications, and performing source code reviews in multiple programming languages.
  • Familiarity with black-box, grey-box, and white-box security assessments.
  • Familiarity with manual application security testing, the OWASP Top 10, and the OWASP Testing Guide.
  • Mobile and API application testing experience is a plus.
  • Prior consulting experience is a plus.
  • Strong understanding of common security controls and vulnerability testing techniques.
  • Good time management skills; the ability to commit and adhere to time-sensitive deliverables.
  • Demonstrated analytical and project management skills.
  • Ability to work in a fast-paced and collaborative environment.
  • Ability to work remotely, with or without others, take direction, and be a self-starter who takes initiative.
  • US Citizen

While not required, the following would be a big plus:

  • Network/Infrastructure Pentest experience & familiarity
  • Red Team experience & familiarity
  • Phishing/Social-Engineering experience & familiarity (real campaigns, not just PhishMe)
  • C2 Attack Infrastructure deployment and automation (offensive dev-ops)
  • Malware creation & Payload obfuscation


Though not required, any of the following certifications would be considered nice to have:

OSCP, OSWP, OSCE, OSEE, OSWE, any of the GIAC certs, etc.

About Covail:

Covail is a rapid innovation company founded by leading companies in seven different industries that delivers business value through advanced analytics and cybersecurity solutions. We offer a competitive benefits package that includes comprehensive medical and dental care, matching 401K, paid time off, as well as other voluntary benefits. Covail is an Affirmative Action/Equal Opportunity Employer and supports diversity in the workplace. For more information, please visit

To apply, please send a resume and cover letter to

Columbus Collaboratory is now Covail™

1375 Perry Street
Columbus, OH 43201
(614) 591-0440

© Copyright 2020 Covail. All Rights Reserved.