Web Application Penetration Tester – Cybersecurity Remote
• Job Description:
- Conduct penetration testing, ethical hacking, and security assessments on web applications, networks, cloud infrastructures (AWS, Azure, GCP), and enterprise IT environments.
- Identify and exploit vulnerabilities such as SQL Injection (SQLi), Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), Remote Code Execution (RCE), and Insecure Direct Object References (IDOR).
- Perform network security assessments, including port scanning, vulnerability analysis, privilege escalation, and Active Directory (AD) security testing.
- Utilize cybersecurity tools such as Burp Suite, Metasploit, Nmap, Wireshark, Nessus, Acunetix, Kali Linux, and BloodHound for in-depth security evaluations.
- Develop and execute custom scripts, automation tools, or exploits for penetration testing scenarios.
- Conduct post-exploitation analysis, privilege escalation, and persistence techniques.
- Provide detailed security reports, risk assessments, remediation plans, and mitigation strategies to enhance security posture.
- Stay updated on zero-day vulnerabilities, exploit development, cloud security threats, and emerging cyberattack techniques.
- Requirements:
- Hands-on experience in penetration testing, web security, vulnerability assessments, and red teaming.
- Strong understanding of ethical hacking methodologies including OSSTMM, OWASP Top 10, PTES, NIST, MITRE ATT&CK, and CIS Benchmarking.
- Proficiency in web application security testing, cloud security (AWS, Azure, GCP), and API security.
- Experience in network security, firewall evasion, social engineering, and Wi-Fi security testing.
- Knowledge of reverse engineering, malware analysis, exploit development, and buffer overflow techniques is a plus.
- Familiarity with Active Directory attacks, Kerberoasting, Pass-the-Hash, Mimikatz, BloodHound, and PowerShell Empire is highly desirable.
- Proficiency in scripting/programming (Python, Bash, PowerShell, JavaScript, or C) for security automation and exploit development.
- Relevant certifications such as OSCP, OSCE, OSEP, CRTP, CEH, GPEN, CISSP, eWPTX, or GXPN are highly preferred.
Benefits: