Senior Web Application Penetration Tester (Charlotte, NC)

Job Title: Senior Web Application Penetration Tester

Location: Charlotte, NC

Job Description:

We are seeking a highly skilled and experienced Senior Web Application Penetration Tester to join our dynamic team in Charlotte, NC office. As a Senior Penetration Tester, you will be responsible for identifying and exploiting vulnerabilities in web applications, conducting thorough security assessments, and providing actionable recommendations to enhance our clients' security posture.

Key Responsibilities:

1. Conduct comprehensive penetration tests on web applications to identify security vulnerabilities, including but not limited to injection flaws, authentication and session management weaknesses, cross-site scripting (XSS), and insecure direct object references.
2. Utilize both manual and automated techniques to discover, exploit, and mitigate security vulnerabilities.
3. Collaborate with cross-functional teams to prioritize and remediate identified vulnerabilities based on risk assessment.
4. Develop detailed reports documenting findings, including clear and actionable recommendations for remediation.
5. Stay up-to-date with the latest cybersecurity threats, vulnerabilities, and mitigation techniques, and actively contribute to the team's knowledge base.
6. Provide mentorship and guidance to junior team members, fostering their professional development in the field of web application security.
7. Act as a subject matter expert in web application security, providing guidance and support to both technical and non-technical stakeholders.

Requirements:

1. Bachelor's degree in Computer Science, Information Security, or related field. Equivalent work experience may be considered.

2. Minimum of 5 years of experience in web application penetration testing.

3. Proficiency in using industry-standard penetration testing tools such as Burp Suite, OWASP ZAP, and Metasploit.

4. Extensive knowledge of web application security vulnerabilities and exploitation techniques, including OWASP Top 10.

5. Strong understanding of web technologies such as HTML, JavaScript, CSS, and server-side scripting languages (e.g., PHP, Python, ASP.NET).

6. Experience with various operating systems, including Windows, Linux, and Unix.

7. Excellent communication skills, with the ability to effectively convey technical information to both technical and non-technical stakeholders.

8. One or more relevant certifications such as:

   • Offensive Security Certified Professional (OSCP)
   • Certified Information Systems Security Professional (CISSP)
   • Certified Ethical Hacker (CEH)
   • GIAC Web Application Penetration Tester (GWAPT)
   • EC-Council Certified Security Analyst (ECSA)

9. Must be a US Citizen.

Preferred Qualifications:

1. Experience with cloud platforms such as AWS, Azure, or Google Cloud Platform.
2. Familiarity with DevOps principles and practices.
3. Experience with mobile application security testing.
4. Knowledge of secure coding practices and static code analysis tools.