PenTester II – Application Security Focused (Permanent – Onsite – Washington D.C.)
A pioneering client in the cybersecurity industry is seeking a highly skilled and creative PenTester II – Application Security Focused (Permanent – Onsite – Washington D.C.) to join their dedicated Application Security team. This permanent position, based 5 days a week onsite in Washington D.C. (Union Market District), is crucial for supporting various cybersecurity projects. The ideal candidate will possess robust communication skills, exceptional creativity, and a proactive self-starter attitude, all essential for successfully aligning within the organization’s innovative and fast-paced environment.
Location: Washington D.C. (Union Market District) – This is a Permanent, 5 Days A Week Onsite role.
Employment Type: Permanent
Pay Range: $140,000 – $160,000 per year
Industry: Computer and Mathematical
What’s the Job? Safeguarding Applications Through Advanced Penetration Testing
As a PenTester II with a strong application security focus, you’ll be at the forefront of identifying and mitigating vulnerabilities in critical web and mobile applications. Your expertise will directly enhance the security posture of the organization’s digital assets, using both automated tools and manual, in-depth analysis.
- Conduct Technical Testing of Web and Mobile Applications: You will be responsible for meticulously conducting technical testing of both web and mobile applications. This includes performing comprehensive penetration testing (simulating real-world attacks to find exploitable vulnerabilities) and executing thorough vulnerability scanning (using automated tools to identify known weaknesses). Your objective is to uncover security flaws before malicious actors do, ensuring the integrity and resilience of applications.
- Perform In-Depth Source Code Reviews and Provide Consulting: You will perform in-depth source code reviews, analyzing application codebases line by line to identify security flaws, logical vulnerabilities, and adherence to secure coding best practices. Following these reviews, you will provide crucial security consulting on findings, articulating risks, suggesting remediation strategies, and collaborating with development teams to implement robust fixes. This proactive approach helps embed security earlier in the development lifecycle.
- Implement Static and Dynamic Security Testing Techniques: You will expertly implement both static and dynamic security testing techniques. Your ability to combine these complementary techniques provides a comprehensive assessment of application security.
  - Static Application Security Testing (SAST): Involves analyzing application source code, bytecode, or binary code without executing it, to find security vulnerabilities.
  - Dynamic Application Security Testing (DAST): Involves executing the application and examining it for security vulnerabilities in its running state.
- Validate Security Controls Around Web Resources and Mobile Applications: A core responsibility will be to meticulously validate security controls implemented around web resources and mobile applications. This includes testing authentication mechanisms, authorization schemes, input validation, session management, encryption, and other protective measures to ensure they effectively prevent unauthorized access, data breaches, and other security compromises. Your validation efforts confirm the efficacy of defensive layers.
- Develop Comprehensive and Accurate Reports and Presentations: You will be responsible for developing comprehensive and accurate reports and presentations tailored for varied stakeholders. These reports will detail identified vulnerabilities, their severity, potential impact, and recommended remediation steps. Your ability to clearly articulate complex technical findings to both technical teams (developers, engineers) and non-technical audiences (management, business owners) is crucial for driving effective security improvements.
What’s Needed? Your Expertise in Application Security
To excel as a PenTester II with an application security focus, you’ll need extensive practical experience in penetration testing, a broad cybersecurity background, and proficiency with industry-standard security tools.
- Extensive Application Penetration Testing Experience: You must possess 3+ years of demonstrable experience performing application penetration tests or equivalent experience. This indicates a proven track record of actively identifying vulnerabilities in web and mobile applications through hands-on testing, rather than solely relying on automated scans. Your practical skills in exploiting flaws and understanding their impact are key.
- Comprehensive Background in Application, Network, and System Security: You are required to have a comprehensive background in application security, network security, and system security. This holistic understanding allows you to identify vulnerabilities across the entire technology stack, recognizing how flaws in one layer (e.g., application code) can be exploited through another (e.g., network misconfigurations or system weaknesses).
- Experience with Security Test Tooling (e.g., Burp Suite Pro): You must have hands-on experience with industry-standard security test tooling, particularly Burp Suite Pro. This proficiency includes using its various features for proxying traffic, intercepting and modifying requests, performing active and passive scans, and leveraging its extensions for advanced vulnerability discovery. Familiarity with other common testing tools is also beneficial.
- Proficiency in DAST/SAST/SCA Tools: You must demonstrate proficiency in DAST (Dynamic Application Security Testing), SAST (Static Application Security Testing), and SCA (Software Composition Analysis) tools. This includes practical experience with tools like OWASP ZAP (a popular DAST tool) and Fortify Static Code Analyzer (a leading SAST tool). Your ability to effectively use these tools for automated vulnerability detection is crucial.
- Experience with Reading, Writing, and Editing Code: You must have practical experience with reading, writing, and editing code in various programming languages. This skill is essential for understanding application logic during source code reviews, crafting custom exploits or testing scripts, and effectively communicating with development teams about code-level vulnerabilities and fixes.
What’s in it for me? Impact, Growth, and a Collaborative Environment
This permanent PenTester II position in Washington D.C. offers a compelling environment for professional growth and significant impact within a leading cybersecurity organization.
- Opportunity to Work in a Long-Term, High-Impact Role: You will have the opportunity to work in a long-term engagement (a permanent role with significant tenure potential). Your contributions will be part of ongoing, critical cybersecurity initiatives, providing a profound sense of purpose.
- Support for Continuous Improvement and Professional Development: The organization strongly supports continuous improvement and professional development. You’ll be encouraged to expand your skills, pursue advanced certifications, attend conferences, and stay at the forefront of the rapidly evolving cybersecurity landscape.
- Engage in Innovative Research and Knowledge Sharing: You’ll have the chance to engage in innovative research related to application security vulnerabilities and testing methodologies. This is coupled with a strong emphasis on knowledge sharing within the team, fostering a collaborative environment where new insights and best practices are openly exchanged.
- Work in a Collaborative Environment that Values Team Ownership: You will thrive in a collaborative environment that genuinely values team ownership. This means working closely with colleagues, sharing responsibilities, and collectively striving for excellence in securing applications, fostering a sense of shared success.
- Contribute to Meaningful Projects that Enhance Application Security: Your work will directly contribute to meaningful projects that significantly enhance application security. By identifying and helping remediate vulnerabilities, you will play a crucial role in protecting the organization’s digital assets and its customers’ data, providing a tangible and impactful contribution.
Upon successful completion of a predefined waiting period, permanent employees are typically eligible for a comprehensive suite of benefits designed to support their well-being and financial security. These often include:
- Medical and Prescription Drug Plans: Comprehensive healthcare coverage for medical services and necessary prescription medications.
- Dental Plan: Benefits covering routine dental care and essential treatments.
- Vision Plan: Coverage for eye examinations, prescription glasses, and contact lenses.
- Health Savings Account (HSA): A tax-advantaged savings account to help pay for qualified medical expenses.
- Health Flexible Spending Account (HFSA): Allows pre-tax contributions for eligible healthcare costs.
- Dependent Care Flexible Spending Account (DCFSA): Provides tax advantages for dependent care expenses.
- Supplemental Life Insurance: Options for additional life insurance coverage for enhanced financial protection.
- Short Term and Long Term Disability Insurance: Income replacement benefits during periods of temporary or prolonged incapacitation due to illness or injury.
- Business Travel Insurance: Coverage for unforeseen events or emergencies that may occur during authorized business travel.
- 401(k), Plus Match: An opportunity to save for retirement with the added benefit of employer matching contributions, enhancing your long-term financial growth.
- Weekly Pay: Consistent and regular compensation, ensuring stable financial flow.
If this PenTester II – Application Security Focused role in Washington D.C. aligns with your expertise in application penetration testing, source code review, and your passion for enhancing cybersecurity, we encourage you to learn more about this exciting permanent, onsite opportunity. This is a fantastic chance to make a significant impact on application security within a leading organization.
Are you ready to use your creativity and technical skills to find and fix critical vulnerabilities?
Job Features
Job Category: Security