Glocomms are partnered with a global leader in the online Real Estate market in the search for a Web Application Penetration Tester to join the Product Security division focusing on utilizing threat modeling, grey box penetration testing, and white box application security analysis.
Key responsibilities:
- Collaborate with Product and Software teams to ensure apps are created and implemented accordingly throughout the SDLC.
- Conduct penetration tests on WebApps and infrastructure using both manual and automated techniques.
- Create an automated framework to improve AppSec controls supporting 100+ applications.
- Utilize a number of AppSec tools (SAST, DAST, Credential Scanning, ICA, SCA, etc.) to secure web applications.
- Identify risks and vulnerabilities and provide remediation POA&Ms.
- Develop automation methods to gather feedback and generate re-scanning.
- Create secure coding standards and training/support covering the firm's technologies and application frameworks.
- Conduct code reviews and provide recommendations to improve quality of code.
Qualifications:
- Bachelor's degree from an accredited college/university in Computer Science, Cyber Security, or a related field.
- 6+ years of experience in Cyber Security with at least 3+ years of experience in a Penetration Testing/Red Teaming focused role.
- Experience designing, implementing and operating an SDLC.
- Strong experience with defense-in-depth strategy.
- Hands-on programming skills in Python, C# (preferred), PowerShell, Java, Perl, GoLang, .NET, API Integration, C/C++, etc.
- Experience automating CI/CD pipelines and IDE interfaces such as SAST and SCA solutions including AppScan, Veracode, X-Ray, Snyk, or Synopsys.
- Penetration testing certifications (OSWA/OSWE, OSCP/OSCE, GPEN, GXPN, GCPN, etc.).