Senior Web Application - Penetration Tester

Nexere Consulting Limited

Posted on Nov 21, 2022 by Nexere Consulting Limited

New York, NY 10001
Immediate Start
$200k - $200k Annual

My client are currently seeking Senior Engineer-Web Application Penetration Tester, to join our Cyber Security team, based in the US. The ideal candidate will possess a deep understanding and great experience of attack surfaces in modern compiled applications and operating systems.

Key Responsibilities:

Have a passion for breaking into websites and keen interest in information security.

Have a strong understanding of how web applications, both Server Side, and Single Page

Applications function hosted in the cloud.

Have a keen eye towards business logic attacks.

Ability to perform web, mobile and API penetration testing

Intricate know how of BURP Suite Pro security tool

Prior corporate Experience of web penetration testing applications is required including PCI environments.

Deep understanding of OWASP top ten vulnerabilities.

You follow the bug bounty community closely to understand the latest hacking techniques.

Familiarity with manual code review techniques.

Strong plus familiarity with NodeJS, C#, PHP, Python, JAVA languages.

Familiarity with AWS, Azure cloud


At least have a Bachelor's degree in computer science, software engineering or equivalent experience

At least have 5 to 7 years of Penetration testing experience (web, mobile, API)

Intricate know-how of BURP Suite Pro security tool and other Pen testing tools.

Ability to clearly state defensive techniques for discovered vulnerabilities.

Ability to communicate clearly how to remediate an issue.

Knowledge of how to write formal penetration reports and convey impact to business leaders.

Strong plus familiarity with NodeJS, C#, PHP, JAVA languages.

Strong plus familiarity with SWIFT, Objective-C, Kotlin languages (for mobile testing)

Expected to have some level of Python coding skills

Understanding of AWS IAM and AWS services is required. Other cloud platforms and plus.

Familiar with DNS Enumeration and supporting tools such as OWASP AMASS, Recon-Ng etc.

Experience with Gobuster, web fuzzing tools, nmap, password guessing/cracking and other common security tools.

Command line skills including writing bash scripts, powershell and ability to parse data from output of tools and logs

Some network penetration testing required.

Attend security conferences and CTF events regularly.

Reference: 1799347331

Set up alerts to get notified of new vacancies.

Similar Jobs

Software Engineer

Maryland, NY

$30k - $55k Annual

Desktop Support Engineer

New York, NY

Annual Salary

Sales Exec - Capital Markets

New York, NY

Annual Salary