Salary (Rate): undetermined
City: undetermined
Country: undetermined
Working Arrangements: remote
IR35 Status: undetermined
Seniority Level: undetermined
Industry: IT
Job Title: Web Application Pentester (Application Security SME)
Location: Remote
Experience: 4–8 years
Job Summary
We are seeking an experienced Web Application Pentester and Application Security SME to identify, assess, and remediate security vulnerabilities in web applications. The role involves hands-on penetration testing, secure code review, and guiding development teams on best security practices.
Key Responsibilities
- Perform manual and automated penetration testing on web applications, APIs, and services
- Identify vulnerabilities across the OWASP Top 10 categories and other common web flaws (e.g., XSS, SQL injection, CSRF, IDOR and other broken access control)
- Conduct secure code reviews and threat modeling exercises
- Provide detailed vulnerability reports with risk ratings and remediation guidance
- Work closely with developers to fix security issues and improve secure coding practices
- Integrate security testing into CI/CD pipelines (DevSecOps practices)
- Assist in defining and enforcing application security standards and policies
- Stay updated on emerging threats, tools, and techniques
Required Skills
- Strong experience in web application penetration testing
- Deep understanding of OWASP Top 10 and common web vulnerabilities
- Proficiency with tools such as Burp Suite, OWASP ZAP and Nmap
- Knowledge of HTTP/HTTPS, REST APIs, and authentication and authorization mechanisms (OAuth 2.0, JWT, SSO)
- Experience with scripting (Python, Bash, or similar)
- Familiarity with secure coding practices across languages (Java, JavaScript, etc.)
- Understanding of SDLC and security integration (DevSecOps)
Preferred Skills
- Experience in API security testing
- Knowledge of cloud security (AWS, Azure, Google Cloud Platform)
- Familiarity with container security (Docker, Kubernetes)
- Experience with SAST/DAST tools
- Bug bounty or real-world vulnerability disclosure experience
Certifications (Good to Have)
- OSCP, CEH, GWAPT, or similar offensive security or AppSec certifications
Soft Skills
- Strong analytical and problem-solving skills
- Effective communication and report-writing abilities
- Ability to work with cross-functional teams