| Pen Tester at Westlake, Texas, USA |
| Email: [email protected] |
|
From: Prabhat, VYZEINC [email protected] Reply to: [email protected] Job Description - Interview will be on-site in Dallas Westlake area Texas Please send candidates with proper details with LinkedIn. Title - Pen Tester Location - On-site Westlake, TX Job Type - Contract 6 months (CTH) Job Description: Key Responsibilities Conduct manual and automated penetration testing of web applications, APIs, and related infrastructure. Identify, document, and exploit security vulnerabilities such as SQL injection, cross-site scripting (XSS), authentication flaws, and business logic issues. Perform source code reviews to identify security flaws in web applications. Use industry-standard tools such as Burp Suite, OWASP ZAP, Metasploit, Nmap, Kali Linux, and SAST/DAST tools. Develop and execute custom scripts and exploits to validate security weaknesses. Collaborate with development and DevSecOps teams to provide secure coding recommendations and remediation guidance. Generate detailed reports with findings, risk assessments, and actionable remediation steps for technical and non-technical stakeholders. Stay up to date with the latest web security trends, vulnerabilities, and attack techniques. Perform retesting of vulnerabilities after remediation efforts. Assist in threat modeling and risk assessments for web applications. Tools & Technologies The candidate should be proficient in using the following tools and technologies for web application penetration testing: Web Application Security Testing Tools: Burp Suite (Pro & Community) WebInspect Network & Reconnaissance Tools: Nmap Masscan Amass Subfinder / Assetfinder Shodan / Censys Exploitation & Attack Tools: SQLmap (SQL injection testing), Metasploit Framework, Scripting & Automation: Python / Bash / Power JavaScript (for DOM-based attacks and exploitation) Postman / REST API testing tools Code Analysis & Debugging: Source Code Review (Java, .NET, Python, JavaScript, etc.) Static Analysis Tools (SAST) SonarQube, Snyk, Fortify Dynamic Analysis Tools (DAST): Acunetix, Cloud & Container Security: AWS Security Tools (Pacu, ScoutSuite, Prowler) Docker Security Testing (Trivy, Dockle) Kubernetes Security Testing (Kube-hunter, Kube-bench) Qualifications & Skills Technical Skills: Deep understanding of OWASP Top 10 vulnerabilities and web security principles. Proficiency in HTTP/HTTPS protocols, authentication mechanisms, session management, and API security. Experience with scripting (Python, Bash, Power, JavaScript) for automation and exploit development. Familiarity with Cloud Security (AWS, Azure, GCP) and container security (Docker, Kubernetes) is a plus. Knowledge of Secure Software Development Life Cycle (SDLC) practices. Certifications (Preferred but Not Required): OSCP (Offensive Security Certified Professional) GWAPT (GIAC Web Application Penetration Tester) CPT (Certified Penetration Tester) CEH (Certified Ethical Hacker) Experience & Education: Bachelors degree in Computer Science, Cybersecurity, or a related field (or equivalent experience). 2-5 years of experience in web application security, penetration testing, or ethical hacking Keywords: Texas Pen Tester [email protected] |
| [email protected] View All |
| 11:29 AM 28-Feb-25 |