Web Application Penetration Tester

Remote, USA Full-time
Black Lantern Security is a Services Oriented Company

• Black Lantern Security is built around the ingenuity, passion, and determination of our Operators and Analysts
• No one "mastermind"
• No "cult of personality"
• Competitive compensation and benefits
• Healthy work-life balance
• Project-based engagements that play to the team's strengths

Location: Remote

Required:

• Must be US citizen (must be willing to submit to federal, state, and local background checks and other requirements).
• Experience in performing penetration testing on enterprise networks, web applications, and mobile applications.
• Familiarity with common web vulnerabilities including: XSS, XXE, SQL Injection, Deserialization Attacks, File Inclusion/Path Traversal Attacks, Server-side Request Forgery, Remote Execution Flaws, Server Configuration Flaws and Authentication Flaws.
• Experience in testing web-based APIs (i.e. REST, SOAP, XML, JSON).
• Experience in designing and documenting pragmatic remediation guidance for discovered vulnerabilities.
• Experience developing actionable intelligence based on open source intelligence (OSINT) gathering.
• Experience with 1 or more scripting languages such as Bash, Python, Perl, PowerShell, etc.
• Solid understanding of OWASP testing methodology.
• Familiarity with front-end web application frameworks (i.e. AngularJS, Bootstrap, etc).
• Capable of working effectively and efficiently with minimal supervision.
• Strong written and verbal English language skills.
• Demonstrated ability to:
  • Adhere to the highest standards of honesty and scientific and business integrity.
  • Think critically about complex problems and situations.
  • Consider emerging vulnerabilities and threats from within the context of organizational risk and business impact(s).
  • Develop novel attack vectors based on newly discovered vulnerabilities.
• Possess a basic understanding of regulatory standards and requirements including the Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI-DSS), and the Gramm-Leach-Bliley Act (GLBA).

Preferences:

• Web application development or source code review experience.
• Strong knowledge of Windows and Linux operating systems.
• Working knowledge of containerized applications and container-based security controls and configurations.
• Possess current professional certification (i.e. GWAPT, OSCP, OSCE, GPEN)

Responsibilities:

• Conduct assessments of web applications, mobile applications, databases, client-side applications and tools, and APIs.
• Execute manual and automated code analysis to assess the quality and security of source code.
• Perform pre-assessment research and preparation including reconnaissance, documentation and configuration review, and customer interviews.
• Develop custom tools and exploits.
• Analyze security findings, including risk analysis and root cause analysis.
• Generate comprehensive reports, including detailed findings, exploitation procedures, and mitigations.
• Develop and deliver walkthrough(s), proof(s) of concept (PoCs), articles, and formal presentations.
• Execute verification and validation testing for customer mitigations and fixes.