Web Application Penetration Tester

Job Description

Blackstone Talent Group, an award-winning technology consulting and talent agency is seeking a Web Application Penetration Tester to join our Client's team.

The Web Application Penetration Tester will perform the manual penetration testing of mission critical web application to discover vulnerabilities and propose remediations to the development team.

The Web Application Penetration Tester is expected to:

• Conduct penetration tests on web pages to identify and exploit security vulnerabilities.
• Document the findings and provide techniques and solutions to remediate vulnerabilities.
• Work closely with the development team to implement remediations/solution and verify fixes.
• Plan and manage all aspects of the penetration testing function.
• Mentor the development team in building and securing web applications using OWASP and other mainstream frameworks.
  
  

Provide primary development for CARE modules:

• Conduct details penetration tests using common frameworks such as OWASP to discover vulnerabilities.
• Work closely with the development team to remediate vulnerabilities.
• Develop automation scripts to re-run security tests and ensure that new vulnerabilities are caught before they are deployed to higher environments.
• Assist the development team in ensuring that applications are securely designed and developed.
• Promote high quality, scalability, and timely completion of projects.
• Ensure that all project documentation is produced in the standard format, that it follows internal documentation.
• Serve as subject matter expert for all matters related to web application security.
• Create, test, and implement code changes and integrate them with existing programs as needed.
• Coordinate meetings/communications with the Claims User Community, as needed.
• Ensure that all I.T. requirements (documentation, sign-off, and approvals) are completed as per System Engineering Handbook.
• Provide timely and effective reporting on status of projects.
  
  

Provide primary support for CARE modules:

• Perform peer code reviews and provide feedback.
• Work with cross functional teams, including Business, QA, and Operations.
• Work closely with Business Users to scope and draft functional requirements.
• Help Users to create test cases, use cases and help with functional testing.
• Debug the system for certain behavior of the feature(s) and explain it to the Users.
  
  

TECHNICAL KNOWLEDGE AND SKILLS:

• Advanced knowledge web application penetration testing.
• In-depth knowledge of OWASP Top 10 and other frameworks.
• Experience and willingness to work in a fast-paced environment.
• Development experience in an enterprise-class system with multi-tier architecture
• Proficient knowledge of Java, Spring, and Oracle.
• Working knowledge of Linux and Windows
• Extensive knowledge of and proven experience with penetration testing of web applications, and methods and frameworks for identifying and remediating vulnerabilities.
• Strong knowledge in project management practices and ability to document processes and procedures as needed.
  
  

PROFESSIONAL SKILLS:

• Strong speaking and writing skills.
• Skill to analyze information and identify and formulate solutions to problems.
• Ability to provide more in-depth analysis with a high-level view of goals and end deliverables.
• Ability to complete work within a reasonable time frame under the supervision of a manager or team lead.
• Ability to plan and manage all aspects of the support function.
• Ability to work collaboratively with other support team members and independently on assigned tasks and deliverables with minimum supervision.
• Ability to communicate effectively with users at all levels, from data entry technicians up to senior management, verbally and in writing.
• Ability to be self-motivated, work closely and actively communicate with team members to accomplish time critical tasks and deliverables.
• Ability to ask questions and share information gained with other support team members, recording and documenting this knowledge.
• Ability to elicit and gather user requirements and/or problem description information and record this information accurately.
• Ability to listen carefully and act upon user requirements.
• Ability to convey and explain complex problems and solutions in an understandable language to both technical and non-technical persons.
• Ability to present technical solutions to management and decision makers
• Ability to follow the lead of others on assigned projects as well as take the lead when deemed appropriate.
  
  

CORE COMPETENCIES:

• Act with integrity
• Use sound judgement
• Commitment to quality
• Demonstrate adaptability
• Innovate
• Think strategically
• Communicate effectively and influence others
• Work well both independently and as part of a team
  
  

Blackstone Talent Group is a wholly owned subsidiary of Blackstone Technology Group, a global IT services and software firm that implements technological solutions across commercial industry verticals and the US Federal Government. Blackstone's global talent augmentation practice was founded in 1998. Blackstone Talent Group has offices in San Francisco, Denver, Houston, Colorado Springs, and Washington, DC. We specialize in providing clients the best talent across a variety of industries and sectors.