Application Security Penetration Tester


Company 

Xcede Recruitment Solutions

Location 

London

Employment Hours 

Full Time

Employment Type 

Permanent

Salary 

Job Requirements/Description

This is an opportunity to join a giant in the mobile applications world as an Application Security Penetration Tester. If you have a passion for securing applications, an in-depth understanding of application security, and the ability to identify and resolve vulnerabilities, this role is for you. You will play a key role in securing applications and shaping the future of their security posture by performing rigorous security assessments.

Responsibilities: In this role, you'll lead the security testing of their cloud-native, microservices-based architecture with a focus on web and mobile applications as well as cloud security testing. Key responsibilities include:

  • Conducting comprehensive penetration testing and security assessments of web and mobile applications.
  • Performing static (SAST), dynamic (DAST), and composition analysis (SCA) of source code.
  • Engaging in threat modeling and threat actor simulations to test and enhance security controls.
  • Collaborating with global development teams to ensure continuous improvement of the security posture.

Key Tasks:

  • Perform in-depth security testing of development operations, iOS, and Android mobile applications.
  • Carry out source code reviews to identify and mitigate security vulnerabilities.
  • Execute detailed penetration tests and security assessments, documenting findings and recommendations.
  • Automate security testing within CI/CD pipelines and implement secure coding practices.
  • Conduct offensive security operations, including red team exercises to simulate real-world attack scenarios.
  • Collaborate with DevOps teams to ensure security is integrated into every stage of the development lifecycle.

Qualifications:

  • Bachelor's degree in Computer Science, Software Engineering, or equivalent experience.
  • Professional certifications such as GWAPT, OSCP, or CEH.
  • 3-5 years of experience in application security testing, source code reviews, and DevOps security.
  • Proficient in programming languages and secure coding practices.
  • Strong analytical skills and attention to detail.

Tools & Technologies: Experience with tools such as Burp Suite Pro, Checkmarx, Corellium, Acunetix, Synopsys, Veracode, AWS/Azure/Oracle Cloud, Postman, SoapUI, HashiCorp Vault, and PlexTrac.

Benefits:

  • Health Insurance: Comprehensive medical, dental, and vision coverage.
  • Competitive Salary: Attractive salary based on experience.
  • 401(k) Matching: Company contributions to your 401(k) retirement plan.
  • Generous PTO: Vacation, sick leave, and holidays.
  • Professional Development: Access to training, workshops, and certifications.
  • Tuition Reimbursement: Financial support for further education.
  • Inclusive Environment: A diverse, supportive workplace with team-building activities and social events.

I look forward to receiving your application and discussing it further!
