Work Square is a growing staffing agency. We assist our clients by locating unreachable talent that helps their businesses flourish.
Our candidates work with us because they know we have the finest options for them and will guide them through the process of making their next career move.
We’re expert, we develop partnerships, and we have integrity—that’s what makes us Worksquare.
One of our client is looking for a Cloud Application Penetration Tester/ Remote.
Roles & Responsibilities:
- Work as part of a team delivering application and network security assessments to our clients.
- Perform web application and API penetration testing, and Cloud Security Audits.
- Exploit vulnerabilities found in client systems; and then clearly communicate complex vulnerabilities to both technical and non-technical client staff.
- Create comprehensive technical reports explaining technical and business risk of the vulnerabilities found. This includes actionable recommendations/considerations for the client.
- Participate in project conference calls with clients and on business development calls in support of sales activities.
What you bring:
Five plus years of customer-facing consulting in the field of Penetration Testing of dynamic web applications. It is strongly desired that this experience includes development and/or code auditing.
Senior-level experience will cover:
- Experience manually testing web applications or enterprise penetration testing
- Background in web application development and/or code auditing strongly preferred
- Experience with AWS, Cloud Audit, Serverless and Microservice Architecture is a must
- Working knowledge with scripting languages (e.g. Python, Perl, PHP, Ruby)
- Working knowledge with Programming language (e.g. C, Java, Python, JavaScript, Kotlin, Swift, Objective C)
- Proficiency in Mac OS X, Linux, and/or other flavors of UNIX
- Working knowledge in basic networking concepts (routing, ACL, load balancers, SSL/TLS, TCP) in order to provide application architecture feedback
- General understanding of AWS services (such as EC2, S3, KMS, RDS) and security best practices relevant to those services
- Passion for discovering and researching new vulnerabilities and exploitation techniques
- Demonstrating high ethical standards
- Applying sound security testing methodologies
- Strong verbal & written communication skills
Required technical skills:
- Enterprise application penetration testing
- Network penetration testing
- Strong working knowledge of the OWASP Top 10 and CWE Top 25 vulnerabilities such as XXE, XXS, SQLi
- Manually penetration testing of Network & Web applicationMobile application penetration testing (iOS and Android)
Web Services penetration testing (RESTful and SOAP)Web Authentication protocols (e.g. OAuth2, SAML, LDAP)
Minimum qualifications:
Bachelor’s Degree in Computer Science, Engineering or equivalent. Master’s Degree preferred.
Experience:
- Web Application Security: 2 years (Required)
- AWS Security: 2 years (Required)
