|

Get new similar jobs by email for

Web Application Security Teste...

By continuing you agree to Monster's Privacy policy, Terms of use and use of cookies.
Monster
 
 
 
 

Job Summary

Company
Knowledge Consulting Group
Location
Washington, DC
Industries
Computer/IT Services
Job Type
Full Time
Employee
Years of Experience
2+ to 5 Years
Education Level
Bachelor's Degree
Career Level
Experienced (Non-Manager)
Job Reference Code
1405

Web Application Security Tester

About the Job

  • Conduct white box security testing to assess and validate application security
  • Monitor and track progress of found vulnerabilities and maintain the history
  • Explain and demonstrate vulnerabilities to application/system owners, and provide recommendations for mitigation
  • Issue reports on assigned application and system scans


Requirements:
Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. Must be clearable to the Top Secret level.

  • At least 2 years’ experience in web application security.
  • Expert knowledge of information security principles, web applications and a level of familiarity with malicious code and common techniques used by hackers.
  • Excellent problem solving and analytical skills, self-motivated; outstanding oral and written communication skills
  • Intimate knowledge and hands-on experience using Nessus, Foundstone, Nmap, BurpSuite, including manual techniques.
  • Knowledge of OWASP Top 10 and SANS Top 25 and how to effectively remediate vulnerabilities associated with each.
  • Demonstrated manual web application testing experience; for example, you must be able to simulate a SQL inject without tools, simulate XSS attack, X-Path Injection, etc.


Desired Knowledge, Skills and Experience:

  • Bachelor’s degree in an Information Technology related field of study or equivalent experience
  • 5+ years of experience in web application security
  • Solid knowledge of penetration testing methodology and prior experience with programming in one or more server-side technologies such as Java, JSP, PHP, ASP.Net, ColdFusion, Perl, Python, etc.
  • Demonstrated ability to verify, through manual penetration testing, each finding to reduce false positives, increasing the accuracy of our reporting.
  • Firm understanding of risk and using CVSS scoring to appropriate classify vulnerabilities.
  • Active member of IT Security user groups with security certification (CISSP, CEH, GWAPT, GPEN, OSCP, CAST, GWEB, OSWE, WAPT etc.)
 

Job Tools

  • Follow Company
    Your information may be shared with the company.
  • Following Company
  • Print
  • Share
  • Report this job