Remote Pentester: WebApp and/or Infrastructure Focus - Part-time

Access Talent Today, LLC - Hartselle, ALabama

Access Talent, LLC seeks a Remote web application penetration tester and a Remote Infrastructure pentester for part-time, projects of our US-based clientele.

The Web App Penetration Tester will use the OWASP testing methodology to assess the security of web applications and supporting APIs for principal clients.

Duties & Responsibilities

  • Conduct application security assessments and penetration tests (web, API, etc.)
  • Create tools to assist with penetration testing as needed
  • Provide recommendations for resolution of identified vulnerabilities
  • Write a formal security assessment report for each test using our company's standard reporting format.
  • Participate in conference calls with clients to understand the scope and goals of the penetration test
  • Participate in conference calls with clients to review assessment results and consult with the clients on remediation options
  • Retest security vulnerabilities that have been fixed and update the report to indicate the retesting results

    Required Skills and Qualifications

    • Ability to identify and exploit web app & REST API vulnerabilities
    • Ability to exploit all types of vulnerabilities defined in current and previous OWASP Top 10 lists
    • Strong critical-thinking skills
    • Proficiency in scripting languages, especially Python
    • Deep knowledge of at least one programming language (Python, JavaScript, etc.)
    • ---------------------------------------------------------------------------------------------------------------------

      The Infrastructure Penetration Tester will use the NIST SP800-115 testing methodology to assess the security of both off-the-shelf and custom-designed infrastructure.

      Duties & Responsibilities

    • Conduct application security assessments and penetration tests (Linux, Windows, MacOS, network and custom-developed infrastructure)
    • Create tools to assist with penetration testing as needed
    • Provide recommendations for resolution of identified vulnerabilities
    • Write a formal security assessment report for each test using our company's standard reporting format.
    • Participate in conference calls with clients to understand the scope and goals of the penetration test
    • Participate in conference calls with clients to review assessment results and consult with the clients on remediation options
    • Retest security vulnerabilities that have been fixed and update the report to indicate the retesting results

     

    Required Skills and Qualifications

    • Ability to identify and exploit Linux, Windows and MacOS vulnerabilities
    • Ability to identify and exploit vulnerabilities in common cloud architecture environments (e.g.: AWS, Azure)
    • Ability to quickly understand new, custom-designed applications & infrastructure
    • Ability to identify and exploit vulnerabilities in custom-designed applications & infrastructure
    • OSCP or OSCE
    • Proficiency in Cloud security including reviewing Cloud configurations and exploiting common Cloud specific security weaknesses.
    • Proficiency at reviewing code using manual techniques in more than one programing language.
    • Strong critical-thinking skills
    • Proficiency in scripting languages, especially Python
    • Deep knowledge of at least one programming language (Python, PowerShell, C, etc.)

    Work Locations

    • Remote (100%)

     



    Posted On: Thursday, July 14, 2022



    Apply to this job
    • Additional Information