Application Security Consultant/Penetration Tester
TrustedSec is currently seeking passionate information security professionals to join our Software Security Team. The position will be reporting to the Practice Lead and will be responsible for assisting our valued customers in their software security assessment needs. This will include performing application security assessments of their software and environments in order to identify vulnerabilities and opportunities for improvement to achieve their desired security goals. At times, they will also work with other teams within the organization to collaborate on deliverables. This is a technical role and the candidate should be familiar with penetration testing and software development.
- MUST have familiarity with testing web applications, thick clients, APIs, web services, mobile applications, and performing source code reviews in multiple programming languages.
- MUST have familiarity with Burp Suite Professional, commercial static application security testing (SAST) tools for source code analysis, and dynamic application security testing (DAST) tools.
- MUST have familiarity with black-box, grey-box, hybrid, and white-box security assessments.
- MUST have familiarity with manual application security testing, penetration testing methodologies, the OWASP Top 10, and the OWASP Testing Guide.
- Mobile application testing experience is a plus.
- Experience with architecture reviews of software solutions is a plus.
- Mainframe familiarity and associated knowledge with languages such as COBOL or JCL is a plus.
- Maintains knowledge and skill-set by attending educational workshops, reviewing publications, writing blog posts, and potentially speaking at conferences or other events.
- Serves as a subject matter expert for other consultants/teams and regularly collaborates and contributes to furthering the education and progression of everyone’s skills, career, and success.
- Prior consulting experience is a plus.
- Ability to have or achieve, within one (1) year of employment, an industry-recognized security certification. Examples may include CISSP, OSCP, etc.
- 5+ years of strong information systems, software development, and/or information security experience desired.
- Comfortable with travel, up to twenty-five percent (25%) of the time.
- After an on-boarding probationary period, possess the ability to conduct assessment activities with limited direct supervision.
- Passion for the information security industry, including keeping abreast of current software technologies, platforms, frameworks, and security issues.
- Strong understanding of common security controls and vulnerability testing techniques.
- Good time management skills; the ability to commit and adhere to time-sensitive deliverables.
- Ability to conduct client conference calls, be the main point of contact, lead report generation activities, and be the main interface with clients on engagements.
- Demonstrated analytical and project management skills.
- Excellent verbal and written communication skills including active listening skills and competence in presenting findings and recommendations to management.
- Ability to write technical documents, with spelling, grammar, and punctuation being important.
- Ability to work in a fast-paced and collaborative environment.
- Ability to work remotely, with or without others, take direction, and be a self-starter that takes initiative.
Beyond the awesome people that are in the company, TrustedSec has some incredible benefits, including:
- Medical, vision, and dental
- 401k with company matching and no vesting period
- Flexible paid time-off / holidays
- Quarterly bonus program
- Training / conference opportunities
- Relevant industry certification reimbursement
- Plentiful meme sharing