Dice is the leading career destination for tech experts at every stage of their careers. Our client, IT Trailblazers, LLC, is seeking the following. Apply via Dice today!
Note ; We do have this following Fulltime role with one of our clients , where we are looking for consultants who can work on the clients W2 , So we are looking for we are looking for H for this role due to restrictions. No Corp to corp allowed.
Job Title: Pen Tester
Location: Salem, OR
Duration : Fulltime
Key Responsibilities / Required Skills:
- Minimum 9 years of Experience in manual penetration testing, particularly in web and mobile applications.
oStrong understanding of security frameworks like OWASP Top 10 and NIST Standards.
oProficiency in using security tools like Burp Suite, ZAP, Metasploit, Checkmarx, and AppScan.
oHands-on experience with DAST and SAST tools such as IBM AppScan, HP WebInspect, and Acunetix for vulnerability assessments.
oPractical experience with AWS services (EC2, S3, KMS, RDS) and security best practices relevant to cloud environments.
oFamiliar with Azure cloud security architecture, VNets, and Azure DevOps pipelines.
oProficient in Python, Perl, PHP, Java, and Objective C for security testing and code reviews.
oKnowledge of core networking concepts like routing, ACLs, SSL/TLS, TCP protocols, and load balancing strategies.
oExperience in building and assessing API security frameworks and secure coding practices for web apps.
oDeep experience in implementing Secure Software Development Life Cycle (S-SDLC) processes, ensuring security across development, testing, and production phases.
oActive participation in platforms like Hack the Box, Portswigger Academy, or Capture the Flag (CTF) challenges.
oPassion for discovering new vulnerabilities and security exploits.
oExcellent written and verbal communication skills to clearly articulate security risks and remediation strategies.
oFamiliar with common technology stacks such as LAMP, LEMP, and MEAN, as well as secure coding practices for these environments.
oConduct penetration testing on web and mobile applications, identifying critical vulnerabilities and collaborating with development teams to resolve them.
oImplement and maintain Application Security Programs (DAST & SAST), ensuring all applications follow security best practices.
oLead security scoping calls with stakeholders, outline security risks, and develop remediation plans.
oPerform code reviews to detect vulnerabilities and enforce secure coding standards, especially in Java, Python, and Objective C.
oUtilize tools such as Burp Suite and Checkmarx for security testing, as well as manual testing for identifying issues like XSS, SQLi, CSRF, etc.
oProvide feedback on application architecture regarding network security, SSL/TLS configurations, and cloud security best practices.
oStay updated on emerging security vulnerabilities, develop API security strategies, and integrate security controls into the CI/CD pipeline.
Certifications:
Desired certifications include OSCP, OSWA, CEH, or relevant SANS certifications
