myGwork - LGBTQ+ Business Community · 3 days ago

Web Application Penetration Tester - Technical Lead

McLean, VA

Full-time

Hybrid

Senior Level

$144K/yr - $216K/yr

8+ years exp

Wonder how qualified you are to the job?

Maximize your interview chances

Internet

Insider Connection @myGwork - LGBTQ+ Business Community

Discover valuable connections within the company who might provide insights and potential referrals, giving your job application an inside edge.

Responsibilities

Perform web application penetration tests, including manual and automated testing techniques

Identify and exploit vulnerabilities in web applications, APIs, and related technologies

Develop and maintain scripts, tools, and methodologies to enhance web application security testing processes and capabilities

Provide detailed vulnerability analysis and contextual feedback to development and operations teams

Collaborate with stakeholders to scope prospective engagements, lead engagements, and mentor less experienced staff

Collaborate with the Red Team to integrate web application penetration testing findings into broader threat emulation scenarios and organizational security assessments

Contribute to the development and improvement of security policies, standards, and guidelines

Generate innovative ideas and challenge the status quo

Develop scripts, tools, or methodologies to enhance the Red teaming processes and capabilities

Participate in and actively support mentoring with other members of the team

Assist with scoping prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staff

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Web Application SecurityPenetration TestingTechnical CertificationsCommon Web Application Penetration Testing ToolsWeb TechnologiesWeb Application VulnerabilitiesSecure Coding PracticesApplication Security FrameworksThreat Actor PerspectiveSecure Development PracticesCode ReviewScriptingProgramming Language ProficiencyPythonJavaScriptRubyCloud SecurityWeb ApplicationsAWSAzureGCPMobile Application Security TestingMobSFFridaBurp Suite Mobile Assistant

Required

8-10 years of relevant experience in web application security and penetration testing

One or more technical certifications: OSWA, OSWE, OSCP, GWAPT, GMOB, OSEE, OSEP, or similar

Proficient with common web application penetration testing tools (e.g., Burp Suite, OWASP ZAP)

Solid understanding of web technologies (e.g., HTTP, HTML, JavaScript, REST, SOAP) and common web application vulnerabilities (e.g., SQL injection, XSS, CSRF)

Knowledge of secure coding practices and application security frameworks (e.g., OWASP)

Ability to critically examine web applications and systems through the perspective of a threat actor