Coalfire Federal
Coalfire is an EEO employer.
Application Pen Tester
US-MD-Columbia
Job ID: 2020-3175
Type: Regular Full-Time
# of Openings: 1
Category: Federal
Columbia Office
Overview
Coalfire is the cybersecurity advisor that helps private and public sector organizations avert threats, close gaps, and effectively manage risk. Our professionals are among the most talented in the industry, and each and every day, they strive to provide the unbiased assessments, advice, and innovative solutions that help our clients meet their specific challenges and build long-term strategies to protect their organizations. For nearly 20 years, we’ve been on the cutting edge of one of the world’s most important industries – and we’re committed to making the world a safer place by solving our clients’ toughest security challenges.
We’re growing rapidly and are currently seeking a Senior Application Penetration Tester to support our Columbia, MD office.
Responsibilities
- Conduct Web application penetration testing
- Conduct API penetration testing
- Conduct Mobile Application penetration testing on iOS and Android platforms
- Conduct security assessments on a wide variety of technologies and implementations
- Simulate sophisticated cyberattacks to identify vulnerabilities for clients worldwide
- Conduct source code reviews for security vulnerabilities
- Mentor and provide guidance for junior team members
- Work closely with the Director/Senior Manager/Principal Consultant of the team to develop and implement initiatives on training and TTPs
- Lead engagements and act as the point of contact for client engagement
Qualifications
- 5-7 years’ experience in information security with a focus on Red Team and Application Security testing
- Experience with API testing and Mobile Application testing
- Familiarity with XML, SOAP, JSON, and AJAX
- Hands-on experience with two or more scripting languages such as Python, PowerShell, Bash, or Ruby
- Experience with penetration testing tools and tool suites such as Burp Suite Pro, Acunetix, NetSparker, Kali Linux, Cobalt Strike, etc.
- Hands-on experience engaging clientele in consulting-related environments
- An aptitude for technical writing, including assessment reports, presentations, and operating procedures
- Strong understanding of security principles, policies, and industry best practices
- Experience working with/for Federal, State, and/or Local Government agencies
- Ability to travel up to 20%
- Offensive Security Certified Professional (OSCP)
- Ability to obtain a U.S. Government Security Clearance
