Covail is hiring a mid-level web application penetration tester. This role is for those who feel at home using a browser and an interception proxy, not just a "point-and-click" scanner tool. We are looking for an experienced developer/application security tester to join our team of highly skilled penetration testers.
- Advanced ability to detect, define, exploit, and remediate OWASP top 10 vulnerabilities without the use of a vulnerability scanner (a browser, a proxy, an editor, and YOU)
- Extensive experience/expertise in the use of an attack proxy (Burp, ZAP, etc.)
- Experience using source code scanners, both paid and open-source
- Experience using web application vulnerability testing suites is expected (Netsparker, AppScan, WebInspect, Acunetix, etc.)
- Intermediate knowledge of Web Services technologies such as XML, JSON, SOAP, REST, AJAX, etc.
- Programming experience in two of the following languages: C#, Java, Python, Ruby
- Experience with Enterprise Java or .NET web application frameworks
- Database knowledge in MS SQL, MySQL, Oracle, etc.
- Ability to conduct client conference calls, be the main point of contact, lead report generation activities, and be the main interface with clients on engagements.
- Familiarity with testing web applications, thick clients, APIs, web services, mobile applications, and performing source code reviews in multiple programming languages.
- Familiarity with black-box, grey-box, and white-box security assessments.
- Familiarity with manual application security testing, the OWASP Top 10, and the OWASP Testing Guide.
- Mobile and API application testing experience is a plus.
- Prior consulting experience is a plus.
- Strong understanding of common security controls and vulnerability testing techniques.
- Good time management skills; the ability to commit and adhere to time-sensitive deliverables.
- Demonstrated experience of analytical and project management skills.
- Ability to work in a fast-paced and collaborative environment.
- Ability to work remotely, with or without others, take direction, and be a self-starter that takes initiative.
- US Citizen
While not required, the following would be a big plus:
- Network/Infrastructure Pentest experience & familiarity
- Red Team experience & familiarity
- Phishing/Social-Engineering experience & familiarity (real campaigns, not just PhishMe)
- C2 attack infrastructure deployment and automation (offensive DevOps)
- Malware creation & Payload obfuscation
Though not required, any of the following certifications would be considered nice to have:
OSCP, OSWP, OSCE, OSEE, OSWE, any of the GIAC certs, etc.
Covail is a rapid innovation company founded by leading companies in seven different industries that delivers business value through advanced analytics and cybersecurity solutions. We offer a competitive benefits package that includes comprehensive medical and dental care, matching 401K, paid time off, as well as other voluntary benefits. Covail is an Affirmative Action/Equal Opportunity Employer and supports diversity in the workplace. For more information, please visit www.covail.com.
To apply, please send a resume and cover letter to email@example.com.