Penetration Tester

Summary: The Penetration Tester will be responsible for all security testing activities across the E&T solution portfolio, with a focus on the Grants Management practice. This role aims to ensure timely, secure releases by promoting a shift-left mindset in application and network security. The position requires collaboration with various teams to enhance testing techniques and mentor junior members. The role is remote and has a duration of 6 months with the possibility of full-time employment.

Key Responsibilities:

• Perform manual application penetration testing against APIs (REST/SOAP), Web Apps, Mobile apps, and thick client apps
• Perform threat modeling, evaluate application business logic, and perform application architecture reviews
• Engage with technical and non-technical audiences to articulate both testing processes, techniques and results; guide technical audiences on remediation options; and assist teams in weighing options
• Partner with the Cyber teams to develop new testing techniques, automation for testing and marketing collateral to support the practice and mentor junior and offshore team members on tools and techniques in performing tests
• Ability to exploit POCs and demonstrate application testing experience in real time via demos to internal audiences
• Minimum four (4) years of recent experience in application penetration testing of APIs, web applications, or mobile applications
• Ability to communicate reporting results with technical and non-technical audiences and lead remediation conversations
• Experience with burp suite pro, and other app testing tools such as Netsparker and Checkmarx
• One or more major ethical hacking certifications not required but preferred; GWAPT, CREST, OSWE, OSWA

Key Skills:

• Experience in application penetration testing of APIs, web applications, or mobile applications
• Ability to communicate effectively with technical and non-technical audiences
• Experience with burp suite pro, Netsparker, and Checkmarx
• Knowledge of threat modeling and application architecture reviews
• Mentoring skills for junior and offshore team members
• Ethical hacking certifications (preferred but not required)

Salary (Rate): undetermined

City: undetermined

Country: USA

Working Arrangements: remote

IR35 Status: outside IR35

Seniority Level: undetermined

Industry: IT