Application Security Engineer jobs in United States

Confidential · 8 hours ago

Application Security Engineer

Confidential company is seeking a Manual Web Application Penetration Tester to perform manual application penetration testing. The role involves evaluating application business logic, conducting threat modeling, and engaging with both technical and non-technical audiences to articulate testing processes and results.
Staffing & Recruiting
No H1B · U.S. Citizen Only
Hiring Manager
Lisa Jackson

Responsibilities

Perform manual application penetration testing against APIs (REST/SOAP), web applications, mobile applications, and thick client applications
Perform threat modeling, evaluate application business logic, and perform application architecture reviews
Ability to demonstrate application testing experience in real time via demos to both internal and external audiences
Ability to perform objective-based, abstract penetration testing engagements
Ability to develop and exploit POCs
Act independently in penetration testing engagements, with minimal oversight and guidance
Engage with technical and non-technical audiences to articulate testing processes, techniques, and results; guide technical audiences on remediation options and assist clients in weighing those options

Qualification

Manual penetration testing, Web application testing, API testing, Burp Suite Pro, Threat modeling, REST / SOAP, Business logic testing, POC development, OWASP Top 10, Netsparker, OWASP ZAP, Postman, GWAPT, CREST, OSWE, OSWA

Required

Minimum 5 years of recent experience in application penetration testing of APIs, web applications, and mobile applications
Ability to communicate reporting results to technical and non-technical audiences and lead remediation conversations
Experience with Burp Suite Pro and other application testing tools such as Netsparker
Bachelor's degree from an accredited college/university or equivalent industry experience
Manual penetration testing
Web application testing
API testing
REST / SOAP
Burp Suite Pro
OWASP Top 10
Business logic testing
Threat modeling
POC development
Burp Suite
Netsparker
OWASP ZAP
Postman (for API testing)

Preferred

One or more major ethical hacking certifications are preferred but not required: GWAPT, CREST, OSWE, OSWA
OSWE
OSWA
GWAPT
CREST

Company

Confidential

Centralizing All Types Of Next Opportunities For You In One Place.

Funding

Current Stage
Early Stage
Company data provided by crunchbase