WebPT P1 - Consultant | Codersbrain

full-time
Posted on August 14, 2025

Job Description

WebPT P1 - Consultant

Company Overview

(Company details are not specified.)

Job Summary

As a WebPT P1 Consultant, you will play a critical role in enhancing application security through automated and manual testing methods. Your primary focus will be on identifying vulnerabilities in various applications, including web applications, mobile applications, and APIs. You will collaborate with both technical and non-technical stakeholders to report findings and drive remediation efforts, ensuring the security and integrity of our applications.

Responsibilities

  • Conduct automated testing of running applications and perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).
  • Execute manual penetration tests on various platforms to discover and exploit vulnerabilities across web, mobile, and internal applications, APIs, and networks.
  • Utilize application security tools such as AppScan, Netsparker, Acunetix, Checkmarx, Veracode, Burp Suite, OWASP ZAP, and Kali Linux to perform comprehensive security tests.
  • Provide detailed explanations of vulnerabilities including Insecure Direct Object Reference (IDOR), Second Order SQL Injection, and Cross-Site Request Forgery (CSRF); discuss root causes and recommend remediation strategies.
  • Identify, evaluate, and adapt new tools and technologies to enhance functionality and effectiveness in client projects.

Qualifications

  • A minimum of three (3) years of recent experience working with the application security testing tools mentioned above.
  • At least three (3) years of experience in manual penetration testing and code review against web applications, mobile applications, and APIs.
  • Strong experience collaborating and communicating with both technical and non-technical audiences for reporting results and leading remediation discussions.
  • Preferred: one (1) year of experience in the development of web applications and/or APIs.
  • Ability to quickly learn and work with new tools and technologies as required by client projects.
  • Preferred certifications in ethical hacking such as GWAPT, CREST, OSCP, OSWE, or OSWA.

Preferred Skills

  • Familiarity with mobile application security testing.
  • Knowledge of application architecture and business logic analysis.

Experience

  • Minimum of three (3) years of relevant experience in application security testing and penetration testing.

Environment

(Typical work setting, location, and any physical or environmental conditions are not specified.)

Salary

(Salary range is not specified.)

Growth Opportunities

(Potential career advancement opportunities are not specified.)

Benefits

(Offered benefits details are not specified.)
