Job Title: Penetration Tester
Location: Salem, OR (Onsite)
Experience Level: 8+ Years (relevant)
Client : Hitachi
End Client: State of OR
Key Responsibilities / Required Skills:
o Experience in manual penetration testing, particularly in web and mobile applications.
o Strong understanding of security frameworks like OWASP Top 10 and NIST Standards.
o Proficiency in using security tools like Burp Suite, ZAP, Metasploit, Checkmarx, and AppScan.
o Hands-on experience with DAST and SAST tools such as IBM AppScan, HP WebInspect, and Acunetix
for vulnerability assessments.
o Practical experience with AWS services (EC2, S3, KMS, RDS) and security best practices relevant to
cloud environments.
o Familiar with Azure cloud security architecture, VNets, and Azure DevOps pipelines.
o Proficient in Python, Perl, PHP, Java, and Objective C for security testing and code reviews.
o Knowledge of core networking concepts like routing, ACLs, SSL/TLS, TCP protocols, and load
balancing strategies.
o Experience in building and assessing API security frameworks and secure coding practices for web
apps.
o Deep experience in implementing Secure Software Development Life Cycle (S-SDLC) processes,
ensuring security across development, testing, and production phases.
o Active participation in platforms like Hack the Box, Portswigger Academy, or Capture the Flag (CTF)
challenges.
o Passion for discovering new vulnerabilities and security exploits.
o Excellent written and verbal communication skills to clearly articulate security risks and remediation
strategies.
o Familiar with common technology stacks such as LAMP, LEMP, and MEAN, as well as secure coding
practices for these environments.
o Conduct penetration testing on web and mobile applications, identifying critical vulnerabilities and
collaborating with development teams to resolve them.
o Implement and maintain Application Security Programs (DAST & SAST), ensuring all applications
follow security best practices.
o Lead security scoping calls with stakeholders, outline security risks, and develop remediation plans.
o Perform code reviews to detect vulnerabilities and enforce secure coding standards, especially in
Java, Python, and Objective C.
o Utilize tools such as Burp Suite and Checkmarx for security testing, as well as manual testing for
identifying issues like XSS, SQLi, CSRF, etc.
o Provide feedback on application architecture regarding network security, SSL/TLS configurations,
and cloud security best practices.
o Stay updated on emerging security vulnerabilities, develop API security strategies, and integrate
security controls into the CI/CD pipeline.
Certifications:
Desired certifications include OSCP, OSWA, CEH, or relevant SANS certifications.
...The ideal candidate will be responsible for assisting attorneys in all stages of litigation matters. This candidate should feel comfortable conducting research, doing data entry, scheduling, maintaining case files, and completing other ad-hoc requests, as needed. **...
...About our Company - Canon U.S.A., Inc., is a leading provider of consumer, business-to-business, and industrial digital imaging solutions to the United States and to Latin America and the Caribbean markets. With approximately $29.4 billion in global revenue, its parent...
...Email Marketing Coordinator LHH Recruitment Solutions is currently seeking a email marketing coordinator with 2 or more years of experience for a retail organization that is hybrid in Atlanta, GA; 4 days in office 1 day work from home. This is a great role that offers...
"Ready to rock the world of travel and music? Step into the spotlight with us!" Setting the Stage At NTRP, we don't just plan travel... ...the right pitch. This role is for someone ready to step up and manage their own portfolio of artists, bring new clients into the fold,...
...a focus on work-life balance. Our rehabilitation centers offer a compassionate care environment, empowering you. Director of Nursing (DON) Benefits: ~ Medical/Dental/Vision Coverage ~401k ~ Employee rewards program ~ PTO package and paid holidays ~ Team-...