Information Security Consultant (Mobile and Web Application Penetration)

About Us

Tevora is a tight-knit community of professionals with a shared passion for our craft. Every day, we combine in-depth knowledge of cybersecurity, technology, and compliance to help create more secure digital environments. To Tevorans, every problem is a puzzle in need of solving. We strongly believe that if we put smart, driven people in a room together, they will accomplish great things. We maintain a supportive culture that celebrates continuous learning, diverse perspectives, and sharing the wins. That's why we have our eyes on you.

About The Role

Tevora is looking for a talented and experienced professional to join our Penetration Testing team. The right candidate will have technical proficiency, experience in Application Penetration Testing or related fields, and a passion for information security. In this position, you will analyze and attack our clients' networks, API, and web applications to ensure they are secured against the latest threats.

This is a growth-oriented role within Tevora's consulting team and you will be expected to provide thought leadership to the overall practice through meaningful client work, security community involvement, as well as continuing education.

Essential Functions

• Perform application penetration testing, including fuzzing, application logic testing, and source code analysis.
• Perform mobile application testing on iOS and Android platforms.
• Produce high-quality penetration testing reports for client executives and technical personnel
• Present the results of penetration testing activities, including an explanation of findings and recommended remediations
• Work directly with clients over phone, email, and chat to kickoff projects, answer technical questions, and debrief penetration test findings
• Identify and implement improvements to testing processes and methodologies
• Perform research and tool development to support and advance Tevora's practice.

Qualifications

• Ability to learn and willingness to be challenged.
• Proficiency with Burp Suite and/or ZAP.
• Experience with the theory and usage of penetration testing frameworks such as OWASP Testing Guide v4, Web App Hackers Handbook NIST or PTES
• Knowledge and understanding of security engineering basics including but not limited to a system and network security, authentication and security protocols, cryptography, mobile and web application security
• Experience using various penetration testing and analysis tools (such as IDA, Ghidra, Drozer, Frida, Cycript, NMAP, MobSF, Nessus, Cobalt Strike, Burp Suite, ZAP, Metasploit, Rubeus, BloodHound etc.) on Windows, Linux, iOS, and Android
• Knowledge of scripting languages (such as, Python, Ruby, Perl, Bash, VB/WScript, PowerShell, etc.)
• Experience with web frameworks and source code review
• Programming experience with C , C, C#, Go, Python, Java, Kotlin, Objective C, Swift, or JavaScript preferred
• Hardware hacking experience is a bonus (JTAG, NAND dumping, finding your way around a board with a multimeter)

Abilities

• Excellent written and verbal communication, multi-tasking, time management, and analytical abilities
• Dynamic, enthusiastic attitude with the ability to make concrete progress in the face of ambiguity with a strong sense of ownership, urgency, and drive.

Education and Experience

• Minimum of 2-3 years of professional experience performing mobile or web application penetration tests or similar technical consulting experience.
• Industry certifications (e.g. OSCP, OSCE, GWAPT, GPEN, GXPN, OSWE, or other) or Bachelor's Degree in a related field

Additional Qualifications:

• Valid driver's license as driving will be required in this role
• Eligible to work in the United States

Benefits:

• Comprehensive Healthcare Benefits
• 401k w/ Employer Matching
• Paid Vacations
• Paid Holiday
• Vibrant Work Culture

Tevora is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.