Web Application Penetration Tester (Only W2, No C2C)- Local to CA Only

Job Title: Web Application Penetration Tester (Only W2, No C2C)

Job ID: CR286

Location: 5880 Owens Drive, Pleasanton CA 94588 (Onsite)

Duration: 12 months contract

Note: Looking for a local candidate who can be in the Pleasanton office as needed

Must-have requirements-

• Advanced knowledge web application penetration testing.
• Extensive knowledge of and proven experience with penetration testing of web applications, and methods and frameworks for identifying and remediating vulnerabilities.
• In-depth knowledge of OWASP Top 10 and other frameworks.
• Proficient knowledge of Java, Spring, and Oracle.
• Working knowledge of Linux and Windows

Job Description:

The Web Application Penetration Tester will perform the manual penetration testing of mission critical web application to discover vulnerabilities and propose remediations to the development team.

The Web Application Penetration Tester is expected to:

• Conduct penetration tests on web pages to identify and exploit security vulnerabilities.
• Document the findings and provide techniques and solutions to remediate vulnerabilities.
• Work closely with the development team to implement remediations/solution and verify fixes.
• Plan and manage all aspects of the penetration testing function.
• Mentor the development team in building and securing web applications using OWASP and other mainstream frameworks.

DELIVERABLES OR TASKS:

• Conduct details penetration tests using common frameworks such as OWASP to discover vulnerabilities.
• Work closely with the development team to remediate vulnerabilities.
• Develop automation scripts to re-run security tests and ensure that new vulnerabilities are caught before they are deployed to higher environments.
• Assist the development team in ensuring that applications are securely designed and developed.
• Promote high quality, scalability, and timely completion of projects.
• Ensure that all project documentation is produced in the standard format, that it follows internal documentation.
• Serve as subject matter expert for all matters related to web application security.
• Create, test, and implement code changes and integrate them with existing programs as needed.
• Coordinate meetings/communications with the Claims User Community, as needed.
• Ensure that all I.T. requirements (documentation, sign-off, and approvals) are completed as per State Fund s System Engineering Handbook.
• Provide timely and effective reporting on status of projects.

Provide primary support for CARE modules:

• Perform peer code reviews and provide feedback.
• Work with cross functional teams, including Business, QA, and Operations.
• Work closely with Business Users to scope and draft functional requirements.
• Help Users to create test cases, use cases and help with functional testing.
• Debug the system for certain behavior of the feature(s) and explain it to the Users.

TECHNICAL KNOWLEDGE AND SKILLS:

• Advanced knowledge web application penetration testing.
• In-depth knowledge of OWASP Top 10 and other frameworks.
• Experience and willingness to work in a fast-paced environment.
• Development experience in an enterprise-class system with multi-tier architecture
• Proficient knowledge of Java, Spring, and Oracle.
• Working knowledge of Linux and Windows
• Extensive knowledge of and proven experience with penetration testing of web applications, and methods and frameworks for identifying and remediating vulnerabilities.
• Strong knowledge in project management practices and ability to document processes and procedures as needed.