Web Application Penetration Tester

Black Lantern Security is a Services Oriented Company • Black Lantern Security is built around the ingenuity, passion, and determination of our Operators and Analysts • No one "mastermind" • No "cult of personality" • Competitive compensation and benefits • Healthy work-life balance • Project-based engagements that play to the team's strengths Web Application Penetration Tester Location: Remote Required: • Must be US citizen (must be willing to submit to federal, state, and local background checks and other requirements). • Experience in performing penetration testing on enterprise networks, web applications, and mobile applications. • Familiarity with common web vulnerabilities including: XSS, XXE, SQL Injection, Deserialization Attacks, File Inclusion/Path Traversal Attacks, Server-side Request Forgery, Remote Execution Flaws, Server Configuration Flaws and Authentication Flaws. • Experience in testing web-based APIs (i.e. REST, SOAP, XML, JSON). • Experience in designing and documenting pragmatic remediation guidance for discovered vulnerabilities. • Experience developing actionable intelligence based on open source intelligence (OSINT) gathering. • Experience with 1 or more scripting languages such as Bash, Python, Perl, PowerShell, etc. • Solid understanding of OWASP testing methodology. • Familiarity with front-end web application frameworks (i.e. AngularJS, Bootstrap, etc). • Capable of working effectively and efficiently with minimal supervision. • Strong written and verbal English language skills. • Demonstrated ability to: • Adhere to the highest standards of honesty and scientific and business integrity. • Think critically about complex problems and situations. • Consider emerging vulnerabilities and threats from within the context of organizational risk and business impact(s). • Develop novel attack vectors based on newly discovered vulnerabilities. • Possess a basic understanding of regulatory standards and requirements including the Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI-DSS), and the Gramm-Leach-Bliley Act (GLBA). Preferences: • Web application development or source code review experience. • Strong knowledge of Windows and Linux operating systems. • Working knowledge of containerized applications and container-based security controls and configurations.Possess current professional certification (i.e. GWAPT, OSCP, OSCE, GPEN) Responsibilities: • Conduct assessments of web applications, mobile applications, databases, client-side applications and tools, and APIs. • Execute manual and automated code analysis to assess the quality and security of source code. • Perform pre-assessment research and preparation including reconnaissance, documentation and configuration review, and customer interviews. • Develop custom tools and exploits. • Analyze security findings, including risk analysis and root cause analysis. • Generate comprehensive reports, including detailed findings, exploitation procedures, and mitigations. • Develop and deliver walkthrough(s), proof(s) of concept (PoCs), articles, and formal presentations. • Execute verification and validation testing for customer mitigations and fixes. Apply tot his job