Job Description

Job Title: Pen Tester

Location: Salem, OR

Experience Level: 8+ Years (relevant)

PS – ONLY USC or GC

Key Responsibilities / Required Skills:

• Experience in manual penetration testing, particularly in web and mobile applications.
• Strong understanding of security frameworks like OWASP Top 10 and NIST Standards .
• Proficiency in using security tools like Burp Suite, ZAP, Metasploit, Checkmarx, and AppScan .
• Hands-on experience with DAST and SAST tools such as IBM AppScan, HP WebInspect , and Acunetix for vulnerability assessments.
• Practical experience with AWS services (EC2, S3, KMS, RDS) and security best practices relevant to cloud environments.
• Familiar with Azure cloud security architecture, VNets , and Azure DevOps pipelines.
• Proficient in Python, Perl, PHP, Java , and Objective C for security testing and code reviews.
• Knowledge of core networking concepts like routing, ACLs, SSL/TLS, TCP protocols, and load balancing strategies.
• Experience in building and assessing API security frameworks and secure coding practices for web apps.
• Deep experience in implementing Secure Software Development Life Cycle (S-SDLC) processes, ensuring security across development, testing, and production phases.
• Active participation in platforms like Hack the Box, Portswigger Academy , or Capture the Flag (CTF) challenges.
• Passion for discovering new vulnerabilities and security exploits.
• Excellent written and verbal communication skills to clearly articulate security risks and remediation strategies.
• Familiar with common technology stacks such as LAMP, LEMP, and MEAN , as well as secure coding practices for these environments.
• Conduct penetration testing on web and mobile applications, identifying critical vulnerabilities and collaborating with development teams to resolve them.
• Implement and maintain Application Security Programs ( DAST & SAST ), ensuring all applications follow security best practices.
• Lead security scoping calls with stakeholders, outline security risks, and develop remediation plans.
• Perform code reviews to detect vulnerabilities and enforce secure coding standards, especially in Java, Python , and Objective C .
• Utilize tools such as Burp Suite and Checkmarx for security testing, as well as manual testing for identifying issues like XSS, SQLi, CSRF , etc.
• Provide feedback on application architecture regarding network security, SSL/TLS configurations , and cloud security best practices .
• Stay updated on emerging security vulnerabilities, develop API security strategies , and integrate security controls into the CI/CD pipeline .

Certifications : Desired certifications include OSCP, OSWA, CEH , or relevant SANS certifications

Job Tags

Similar Jobs